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Is  a  next-generation 
firewall  in  your  future? 

Application-aware  firewall/VPN  with  intrusion 
prevention  and  filtering  on  the  rise 


BYELLEN  MESSMER 

THE  TRADITIONAL  port-based  enterprise 
firewall,  now  looking  less  like  a  guard  and 
more  like  a  pit  stop  for  Internet  applications 
racing  in  through  ports  80  and  443,  is  slowly 
losing  out  to  a  new  generation  of  brawny,  fast, 
intelligent  firewalls. 

The  term  “next-generation  firewall”  (NGFW) 
is  used  to  describe  an  enterprise  firewall/VPN 
that  has  the  muscle  to  efficiently  perform 


intrusion-prevention  sweeps  of  traffic  and 
has  an  awareness  of  the  applications  moving 
through  in  order  to  enforce  identity-based 
application  usage.  It’s  also  supposed  to  have 
the  brains  to  use  information  such  as  Internet 
reputation  analysis  to  help  with  malware  fil¬ 
tering  or  integrate  with  Active  Directory. 

But  how  long  will  it  take  for  the  NGFW  tran¬ 
sition  to  truly  arrive? 

Start-up  Palo  Alto  Networks  is  regarded 
as  the  first  vendor  to  have  donned  the  NGFW 


mantle.  It  introduced  its  line  of  multipurpose 
application-aware  security  appliances  in  2007 
and  today  has  more  than  2,200  customers. 
Vendors  Fortinet,  Cisco,  Check  Point,  McAfee 
and  Barracuda  Networks,  among  others,  have 
also  been  expanding  or  retooling  their  firewall 
products  to  fit  the  NGFW  image.  In  addition, 
intrusion-prevention  system  vendor  Source- 
fire  has  said  it  will  have  an  application-aware 
firewall  with  IPS  out  next  year.  But  despite 

►  See  Firewall, page  12 
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Open  source  IP  PBX 
saves  serious  cash 
for  Michigan  CAT 

BYTIM  GREENE 


ALSO  INSIDE 


What’s  in  your 
network? 

IPsonar  makes  quick 
work  of  documenting 
the  nooks  and  era 
nies  of  enterprise 
nets.  ►  Page  38 


IN  A  move  that  might  send  shivers  down  the  spines  of  main¬ 
stream  IP  PBX  vendors  such  as  Avaya,  Cisco  and  Shore- 
Tel,  Michigan  CAT  has  deployed  an  open  source  Asterisk  IP 
PBX  to  handle  its  phone  calls  and  contact  center  at  half  the 
cost  of  what  commercial  vendors  would  have  charged. 

Even  the  CIO  in  charge  of  the  decision  was  a  little  nervous 
about  whether  the  free  software  could  support  300  phones 

►  See  CAT,  page  26 
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DON’T  LET  THE  DOOR  HIT  YOUR  OLD 
WORK  PHONES  ON  THE  WAY  OUT. 

The  new  multi-talented  DROID  2  Global  and  DROID  PRO  by  Motorola  can  handle  your  corporate  email  and  security 
requirements  with  ease.  Designed  with  remote  SD  card  wipe,  data  encryption*  and  built-in  synergy  with  Google  Apps, 
including  Gmail,  GoogleTalk,  Google  Docs,  and  Google  Apps  Device  Policy  for  management  and  security,  the  new 
business  ready  smartphones  from  Motorola  also  come  standard  with  powerful  1-1.2  GHz  processors,  personal  Wi-Fi 
hotspots,  and  global  connectivity  in  over  200  countries. Throw  in  access  to  more  than  100,000  apps  on  Android  Market™ 
and  a  choice  of  cool  designs,  and  you're  talking  your  employees'  language. 

In  with  the  new. 


Cloud  Ready 


j|r|  Enterprise  Security 


Device  Management 


Google  Apps 


To  see  the  full  range  of  Motorola  business  ready  smartphones,  visit  Motorola.com/Business-Smaitphones 


Screen  images  simulated. 

*  Via  over-the-air  update  coming  in  Qt  2011. 

Certain  features,  services  and  applications  are  network  dependent  and  may  wot  be  available  in  all  areas;  additional 
terms,  conditions  and/or  charges  may  apply,  Ail  features,  functionality  and:  other  product  specifications  are  subject  to 
change  without  notice  or  obligation.  Contact  your  service  provider  for  more  details.  Motorola  and  the  Stylized  M  Logo 
are  trademarks  or  registered  trademarks  of  Motorola  Trademark  Holdings,  LLC.  DROID  is  a  trademark  of  Lucasfilm  Ltd. 
and  its  related  companies.  Used  under  license.  Google,  So&gJe  Cloud,  GoogleTalk,  Google  Docs,  Google  Apps  Device 
Policy,  Android  Market  and  YouTube  are  trademarks  Of  Google,  Inc.  Alt  other  product  and  service  names  are  the  property 
of  their  respective  owners.  ©  2010  Motorola  Mobility,  Inc  AII  rights  reserved. 
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FROM  THE  EDITOR  JOHN  DIX 


Our  vote  on  neutrality 

The  net  neutrality  framework  that  FCC  chairman 
Julius  Genachowski  outlined  in  a  speech  last  week 
and  which  will  be  voted  on  later  this  month  sustains 
many  of  the  original  goals  of  neutrality  while  giving 
the  telcos  enough  to  give  a  tentative  nod  of  approval, 
all  of  which  adds  up  to  a  mean¬ 
ingful  step  forward. 

While  it  is  still  unclear  if  the  FCC  has  the  legal  author¬ 
ity  to  pursue  net  neutrality  (earlier  this  year  a  court  told 
the  Commission  it  overstepped  its  bounds  when  it  told 
Comcast  not  to  throttle  peer-to-peer  traffic),  thankfully 
all  discussion  about  gaining  that  authority  by  reclassify¬ 
ing  broadband  as  Title  II  telecommunications  service 
has  evaporated. 

That  would  have  been  a  messy,  litigious  affair  that 
would  have  stalled  progress  for  years.  Genachowski  says  he  is  now  convinced  “we 
have  a  sound  legal  basis”  for  moving  forward,  but  we  won’t  know  for  sure  until  the 
approach  is  outlined  in  detail. 

Here’s  what  we  do  know:  The  framework  —  the  FCC’s  effort  to  “preserve  the 
freedom  and  openness  of  the  Internet”  by  ensuring  traffic  on  the  net  is  treated  in  a 
neutral  fashion  and  service  providers  don’t  try  to  enrich  themselves  at  the  expense 
of  others  —  would  require  “meaningful  transparency”  so  consumers  know 
what  service  providers  are  doing;  “prohibit  the  blocking  of  lawful  content,  apps, 
services”;  and  ensure  a  level  playing  field  by  including  “a  bar  on  unreasonable 
discrimination  in  transmitting  lawful  network  traffic.” 

That  is  in  keeping  with  the  goals  from  the  beginning.  Here’s  the  new  stuff  the  telcos 
like:  “Broadband  providers  need  meaningful  flexibility  to  manage  their  networks . . . 
to  deal  with  traffic  that’s  harmful . . .  and  to  address  the  effects  of  congestion.” 

Service  providers,  many  of  them  saying  they  still  don’t  think  any  new  rules 
are  needed,  were  at  least  pleased  by  the  concessions.  AT&T:  “The  FCC  appears  to 
be  embracing  a  compromise  solution.”  Comcast:  “The  proposal  as  described . . . 
strikes  a  workable  balance.”  Only  Verizon  blanched,  as  quoted  in  The  New  York 
Times:  “The  FCC’s  authority  to  act  in  this  area  is  uncertain.”  Verizon  sees  the  frame¬ 
work  as  a  stopgap  until  Congress  can  pick  up  the  issue. 

Indeed,  some  congressmen  are  promising  just  that.  According  to  The  Washington 
Times,  Tennessee  Republican  Rep.  Marsha  Blackburn,  “is  pushing  a  bill  that  would 
give  Congress  sole  oversight  of  the  Internet.” 

Besides  that  being  a  horrible  idea  given  the  ponderous,  often  misguided  nature  of 
Congress  when  it  comes  to  all  things  tech,  we  don’t  believe  lawmakers  would  have  the 
stomach  for  it.  After  all,  some  of  the  biggest  names  in  Internet  innovation  —  Google, 
Netflix,  Skype,  eBay,  Yahoo  —  are  for  the  neutrality  that  Blackburn  and  others  decry. 

Although  three  of  the  five  members  of  the  FCC  have  generally  favored  neutral¬ 
ity,  some  don’t  think  this  framework  goes  far  enough,  so  it  will  be  interesting  to  see 
if  Genachowski  can  muster  the  votes  later  this  month.  For  our  part,  we  like  what 
we  see.  It  is  a  tenable  compromise. 
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WikiLeaks  -  the  enemy  of 
corruption,  hypocrisy  and  evil 

©  WIKILEAKS  IS  THE  Samizdat  of  our  genera¬ 
tion  -  it  stands  for  freedom  of  information, 
and  the  holding  to  accountability  of  all 
those  who  strive  for  a  Big  Brother  form  of 
absolute  control  —  like  the  US  Govern¬ 
ment  (re:  “Amazon  reportedly  shows 
WikiLeaks  the  door;” 
tinyurl.com/37yrd8o). 

WikiLeaks  shines  a 
light  into  all  those  dark, 
corrupt  and  evil  places 
in  the  world,  where 
those  who  crave  power 
do  so  at  the  expense 
of  human  lives  and 
dignity.  It  helps  expose 
those  cockroaches, 
those  vampire  squids 
of  humanity  in  the  act 
of  committing  their 
horrible  crimes.  It 
helps  to  expose  hypoc¬ 
risy  and  moral  hazard, 
to  expose  wrongdoings 
swept  under  the  rug,  to 
expose  people  in  power 
acting  in  their  own  self-interest. 

Granted,  what  WikiLeaks  does  may 
not  be  ethical,  but  not  only  is  it  moral, 
it  is  also  necessary.  Very  necessary.  If  I 
had  the  money,  I  would  buy  the  entire 
Amazon  cloud  network  to  dedicate  it  to 
WikiLeaks. 

Remember  this: 

“They  came  first  for  the  Communists, 
and  I  didn’t  speak  up  because  I  wasn’t  a 
Communist. 

Then  they  came  for  the  trade  unionists, 
and  I  didn’t  speak  up  because  I  wasn’t  a 
trade  unionist. 

Then  they  came  for  the  Jews,  and  I 
didn’t  speak  up  because  I  wasn’t  a  Jew. 

Then  they  came  for  me  and  by  that  time 
no  one  was  left  to  speak  up.” 

WikiLeaks  is  speaking  up.  It  is  time  we 
listened,  and  added  our  voice  to  theirs. 

ReneKabis 

Last  week,  the  Department  of  Home¬ 
land  Security  (DHS)  seized  the  domain 
names  of  roughly  70  Web  sites  for 
copyright  infringement.  There  were  no 
warrants,  no  court  orders,  and  no  court 
hearings  before  a  judge.  The  DHS  simply 
used  their  authority  to  grab  Web  sites  on 
the  basis  they  are  perceived  threats. 


So,  if  WikiLeaks  is  really  exposing 
dangerous  classified  diplomatic  cables 
that  are  a  threat  to  the  United  States,  why 
didn’t  DHS  seize  the  WikiLeaks  domain? 
Assange  was  dropping  hints  of  a  major 
leak  to  come. 

If  WikiLeaks  was  a  real  whistleblower, 
DHS  could  shut  them  down  by  grabbing 
their  domain  name 
just  as  easily  as  it  shut 
down  the  copyright 
violators.  But  they 
didn’t. 

There  is  no  other 
possible  explanation 
for  DHS  not  to  seize 
the  domain  as  a  real 
threat,  especially  since 
Assange  was  not  shy 
about  dropping  hints 
as  to  what  was  to  come! 

WikiLeaks  is  a  pro¬ 
paganda  front. 

Anon 

Yet  again  another 
writer  has  nothing  of 
value  to  write  about 
so  he  flaunts  his  ridiculous  take  on  this 
matter.  (Re:  “WikiLeaks  is  not  the  actual 
problem;”  tinyurl.com/35df3qz) 

Plain  and  simple,  WikiLeaks’  owner  is 
another  one  of  these  morons  that  believe 
everyone  has  the  right  to  know  everything. 
The  receipt  of  the  leaked  documents 
should  have  been  met  with  responsibility 
in  turning  the  analyst  in  to  authorities  and 
returning  the  materials  stolen.  Instead, 
in  his  lust  for  fame  and  fortune,  the 
WikiLeaks  owner  publishes  the  materials 
not  giving  one  hoot  what  the  consequences 
may  be  for  any  and  all  involved. 

Boogeyman 

Dull 

©  MICROSOFT  IS  AFRAID  ofLinux(re: 
“The  Linux  Desktop  Revolution  is  Dead;” 
tinyurl.com/35em7p7).  So  what  do  they 
know?  How  about  Linux  is  more  stable 
using  less  resources  with  better  security 
and  unbeatable  value  with  more  frequent 
innovation.  Google  is  arguably  the  most 
used  service  in  the  world  and  is  run  on 
the  largest  Linux  networks  ever  made. 
Red  Hat  is  a  billion-dollar  company.  Look 
past  Microsoft’s  monopoly  and  watch  it 
slowly  but  surely  erode. 

Anon 


WikiLeaks’ 
owner  is  another 

one  of  those 
morons  that 
believe  every¬ 
one  has  the 
right  to  know 
everything. 


NETWORKWDRLD 

492  Old  Connecticut  Path,  Framingham,  MA  01701-9002 
Main  Phone:  (508)  766-5301 
E-mail:  firstinitial_lastname@nww.com 
Editorial  Calendar:  http://tinyurl.com/39sf649 

EDITORIAL 

Editor  in  Chief:  John  Dix 

Online  Executive  Editor,  News:  Bob  Brown 

Executive  Online  Editor:  Jeff  Caruso 

Executive  Features  Editor:  Neal  Weinberg 

Community  Editor:  Julie  Bort 

Multimedia  Programming  Director:  Keith  Shaw 

NEWS  EDITORS 

Online  News  Editor:  Michael  Cooney 
Online  News  Editor:  Paul  McNamara 
Online  Associate  News  Editor:  Ann  Bednarz 

REPORTERS 

Jon  Brodkin,  Senior  Editor 

John  Cox,  Senior  Editor 

Jim  Duffy,  Managing  Editor 

Tim  Greene,  Senior  Editor 

Carolyn  Duffy  Marsan,  National  Correspondent 

Ellen  Messmer,  Senior  Editor 

Brad  Reed,  Senior  Writer 

PRINT  LAYOUT/WEB  PRODUCTION 

Managing  Editor:  Ryan  Francis 
Copy  Chief:  Tammy  O'Keefe 

DESIGN 

Executive  Art  Director:  Mary  Lester 
Associate  Art  Director:  Stephen  Sauer 

NETWORK  WORLD  LAB  ALLIANCE 

Joel  Snyder,  Opus  One;  John  Bass,  Centennial  Networking 
Labs:  Barry  Nance,  independent  consultant;  Thomas 
Henderson,  ExtremeLabs;  David  Newman,  Network 
Test;  James  Gaskin,  Gaskin  Computing  Services;  Craig 
Mathias,  FarPoint  Group 

OFFICE  MANAGEMENT 

Editorial  Operations  Manager:  Cheryl  Crivello 
Office  Manager,  Editorial:  Pat  Josefek 

SUBSCRIPTIONS 

Phone:(877)701-2228 
E-mail:  nww@omeda.com 
URL:  www.subscribenww.com 

REPRINTS 

(717)  505-9701,  ext.  129 

*IDG  Enterprise 

IDG  ENTERPRISE 

CEO:  Mike  Friedenberg 

Group  Publisher:  Bob  Melk 

Chief  Content  Officer/SVP:  John  Gallant 


4  DECEMBER  6, 2010  www.networkworld.com 


WHAT’S  the  BUSINESS  PROBLEM? 
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the  QWEST  SOLUTION:  Failing  to  measure  up  to  mandates  puts  your  business’ 
reputation  and  your  data  at  risk.  With  Qwest’s  comprehensive  suite  of  security  solutions, 
you  can  keep  your  critical  information  safe  and  stay  up  to  date  on  ever-changing 
legislative  and  industry  regulations.  Solve  more  problems  at  qwestsolutions.com 


Copyright  ©2010  Qwest.  All  Rights  Reserved 
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Google  one-ups 
online  bully 


market  watcher  Nielsen’s 
latest  numbers,  which 
show  that  about  one 
in  three  U.S.  wireless 
phone  subscribers 
now  own  a  full-fledged 
smartphone.  Among 
9,200  people  surveyed,  about 
31%  of  women  want  an  iPhone 
and  about  23%  want  an  Android 
phone,  with  RlackBerry  and 
Windows  phones  coming  next. 
Men  leaned  toward  Android 
(32.6%)  over  the  iPhone  (28.6%). 
A  separate  survey  earlier  this 
year  found  that  women  were 
more  likely  to  date  a  man, 
regardless  of  his  looks,  if  he  had 
an  iPhone. 

tinyurl.com/353or7e 


centers,  is  developing 
two  more  environmen¬ 
tal  metrics:  CUE,  or 
Carbon  Usage  Effective¬ 
ness,  is  intended  to  help 
managers  determine  the 
amount  of  greenhouse  gas 
emissions  generated  by  the 
IT  gear;  while  WUE,  or  Water 
Usage  Effectiveness,  is  intended 
to  show  how  much  water  is 


IN  AN  UNCHARACTERISTICALLY  public  way,  Google  has 
acknowledged  it  modified  its  search  algorithm  so  it  can  identify 
businesses  that  provide  bad  service  and  lower  their  rankings 
accordingly.  Google  took  action  after  Vitaly  Borker,  founder 
and  owner  of  online  eyeware  merchant  DecorMyEyes,  boasted 
that  his  site’s  high  Google  rankings  were  directly  proportional 
to  the  many  complaints  posted  by  upset  customers  -  and 
that  he  purposefully  antagonized  customers.  That  tactic  won't 
work  anymore,  Google  says.  “I  am  here  to  tell  you  that  being 
bad  is,  and  hopefully  will  always  be,  bad  for  business  in  Google's 
search  results,"  wrote  Amit  Singhal,  Google 
Fellow,  in  a  blog  post.  Without  going  into  much 
detail,  Singhal  said  Google  developed  a  solution 
that  flags  merchants  that  provide  "an 
extremely  poor  user  experience"  and 
assigns  them  lower  rankings,  tinyurl. 
com/2wduogu 
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Cisco  buys 
LineSider  for 
cloud  boost 

THE  ACQUISITION  ofLine- 
Sider,  a  small  Massachusetts 
software  company,  fills  a  vital 
piece  in  one  of  Cisco’s  three 
strategic  pillars:  virtualization. 
LineSider  makes  network  provi¬ 
sioning  software  for  virtual  data 
centers  and  clouds,  delegating 
and  enforcing  policies  among 
VMs  and  physical  assets.  Tun¬ 
ing  the  LineSider  OverDrive 
software  for  Cisco  routers  and 
switches  will  allow  the  tools  to 
control  network  access,  security 
and  services  across  logical  and 
physical  constructs.  Cisco  won’t 


say  what  it  will  pay  for  Line¬ 
Sider,  but  the  cloud  orchestra¬ 
tion  it  is  acquiring  is  significant 
as  Cisco  continues  its  trans¬ 
formation  into  a  full-fledged 
IT  supplier.  LineSider  will  be 
integrated  into  Cisco’s  Network 
Management  Technology 
Group  under  Jesper  Andersen. 
tinyurl.com/35ee8x7 

Women  desire 
iPhones,  men 
want  Androids 

IPHONES  ARE  especially 
popular  among  women  while 
men  prefer  Android-based 
devices.  This  is  according  to 


IT  VIOE©  .  • 

Verizon  4G  LTE 
first  look 

Keith  Shaw  gives  a  video 
demo  of  the  LG  VL600 
USB  data  modem,  which 
can  access  Verizon  Wireless’ 
new  4G  LTE  wireless  net¬ 
work.  In  speed  tests,  he  was 
able  to  achieve  about  6M  to 
8Mbps  of  download  speed, 
and  almost  the  same  (5M  to 
7Mbps)  of  upload  speeds. 
tinyurl.com/234ofbo 


Getting  a  handle 
on  IT's  carbon 
footprint 

THE  GREEN  Grid  consortium, 
which  developed  the  widely 
used  PUE  metric  for  measur¬ 
ing  energy  efficiency  in  data 


consumed  by  IT  operations.  The 
CUE  metric  is  available  today, 
and  the  WUE  metric  will  be 
posted  by  March  2011.  tinyurl. 
com/34hh6jh 

Google  trumps 
Microsoft,  lands 
GSA  cloud  deal 

THE  U.S.  General  Services 
Administration  will  become 
the  first  federal  agency  to  use  a 
cloud-based  system  for  e-mail 
across  the  entire  agency,  choos¬ 
ing  Google,  Unisys  and  others  for 
a  five-year,  $6.7  million  deal.  GSA 
expects  to  reduce  existing  costs 
by  50%  over  the  term  of  the  deal. 
The  choice  is  a  blow  to  Microsoft, 
which  has  tried  to  position  itself 
as  offering  the  most  secure  ser¬ 
vices  for  the  government.  Earlier 
this  year  Microsoft  launched  a 
version  of  its  Business  Produc¬ 
tivity  Online  Suite  that  includes 
Exchange,  SharePoint,  Office 
Live  Meeting  and  Office  Com¬ 
munications  hosted  from  special 
facilities  to  meet  the  needs  of 
federal  agencies.  Physical  access 
to  the  site  is  controlled  with 
biometric  systems  and  the  only 
people  with  access  to  the  facility 
are  U.S.  citizens,  Microsoft  said. 
Google  has  also  made  efforts  to 
appeal  to  government  custom¬ 
ers.  In  July,  it  introduced  Google 
Apps  for  Government,  including 
Gmail,  Talk,  Groups,  Calendar, 
Docs,  Sites,  Video  and  Postini. 
Data  is  stored  only  in  the  U.S., 
and  servers  that  support  the 
offering  are  segregated  from 
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WASTED  HOURS  25 


Name 


Date 


Current  Security  Company 


#  OF  HRS.  SPENT 

SUN 

MON 

TUE 

WED 

THU 

FRI 

SAT 

TOTAL 

DOWNLOADING  LATEST  PATCHES 

DOWNLOADING  PATCHES  FOR 
LATEST  PATCHES 

LOOKING  FOR  UPDATES 

CONSOLING  COWORKERS  WITH 
CRASHED  COMPUTERS 

FIXING  PREVENTABLE  PROBLEMS 
THAT  WEREN’T  PREVENTED 

TOTAL  HOURS: 

x 


WE  WORK  FOR  YOU,  NOT  THE  OTHER  WAY  AROUND. 

It  may  not  seem  like  a  revolutionary  idea,  but  in  the  security  industry  it  is.  It  has  somehow  become  the  norm  to  pass  the  burden  of 
security  from  company  to  customer.  Installing,  maintaining,  downloading,  and  updating  is  somehow  your  job,  while  finger  pointing, 
blaming,  and  looking  the  other  way  is  theirs.  Well,  at  Webroot  we  think  it's  time  for  a  change.  It's  time  for  security  to  be  the  service 
it  is  sold  as,  instead  of  the  burden  it  becomes.  It's  time  to  prevent  problems  instead  of  scrambling  to  fix  them.  It's  time  for  Webroot. 


For  more  information  about  Webroot  business  solutions, 
call866.915.3208orvisitwebroot.com/4u  Information  Security  Solved 


Webroot 


©2010  Webroot  Software,  Inc.  All  rights  reserved.  Webroot  is  a  trademark  or  registered  trademark  of  Webroot  Software,  Inc.  in  the  United  States  and/or  other  countries. 


bits 


GOOD  I  BAD  I  UGLY 


those  used  by  nongovernmental 

customers.tinyurl.com/33fpje4 


Do  you  feel  like 
you’re  being 
followed? 


U.S.  WEB  users  should 
be  able  to  sign  up  for  a 
do-not-track  list  that 
would  prohibit  Web 
sites  and  advertising 
networks  from  following 
their  movements  online, 

according  to  the  Federal  Trade  Commission. 

The  do-not-track  list  would  help  consumers 
better  protect  their  privacy  because  a  uniform 
mechanism  for  opting  out  of  online  tracking 
does  not  yet  exist,  the  FTC  said  in  an  online  pri¬ 
vacy  report  released  last  week.  The  do-not-track 
list  could  be  implemented  by  the  Internet  industry  or 
by  Congress,  the  FTC  said. 

The  report  shows  a  failure  of  private  industry  to 
adequately  address  customer  privacy  concerns  online 
FTC  Chairman  Jon  Leibowitz  said  during  a  press  con¬ 
ference.  “Despite  some  good  actors,  self-regulation  of 
privacy  has  not  worked  adequately  and  is  not  working 
adequately  for  American  consumers,”  he  said. 

Another  Sputnik 
moment  for  the  U.S. 

U.S.  SECRETARY  of  Energy  Steven 
Chu  said  last  week  during  a  National 
Press  Club  speech  that  the  United 
States  is  at  risk  of  losing  its 
|:h  worldwide  leadership  in  technol¬ 
ogy,  especially  in  clean 
energy  development. 

Chu  cited  many  numbers  to  make  his  case  — 
and  invoked  comparisons  to  the  Soviets  beating  the 
U.S.  to  the  punch  with  the  Sputnik  1  satellite.  The 
secretary  noted,  for  instance,  that  the  U.S.  has  let  slip 
its  25%  share  of  technology  exports  in  1998  to  about 
half  that  now.  Chu  said  the  issue  can  be  addressed  via 
more  investment  and  new  government  policies. 

RIM  takes  another  kick  at  Kik 

RESEARCH  IN  Motion  last  week  filed  a  patent 
infringement  lawsuit  against  Kik,  a  Canadian  com¬ 
pany  that  makes  an  instant  messaging  app  that 
works  across  BlackBerries  as  well  as  Android 
and  Apple  phones. 

RIM  earlier  had  kicked  Kik  out  of  the  Black- 
Berry  App  World  app  store  for  an  alleged  breach 
of  contract  and  cut  off  Kik  from  RIM’s  BlackBerry 
development  tools.  Kik's  apps  have  gained  a  big  fol¬ 
lowing  in  a  hurry,  with  some  2.5  million  users  since 
launching  in  October. 


Breakthrough 
may  lead 
to  exascale 
supercomputers 


IBM  RESEARCHERS  have 
made  a  breakthrough  in  using 
pulses  of  light  to  accelerate  data 
transfer  between  chips,  which 
could  boost  the  performance 
of  supercomputers  by  more 
than  a  thousand  times.  The  new 
technology,  called  CMOS  Inte¬ 
grated  Silicon  Nanophotonics, 
integrates  electrical  and  optical 
modules  on  a  single  piece  of  sili¬ 
con,  allowing  electrical  signals 
created  at  the  transistor  level  to 
be  converted  into  pulses  of  light 
and  allowing  chips  to  commu¬ 
nicate  at  faster  speeds.  Newer 
supercomputers  already  use 
optical  technology  for  chips  to 
communicate,  but  mostly  at  the 
rack  level  and  mostly  over  a  sin¬ 
gle  wavelength. 

IBM’s  break¬ 
through  will 
enable  optical 
communication 
simultaneously 
at  multiple 
wavelengths, 
said  Will  Green,  silicon 
photonics  research  scientist 
at  IBM.  The  technology  could 
lead  to  massive  advances  in 
the  power  of  supercomputers, 
which  today  top  out  at  around 
2  petaflops,  or  two  thousand 
trillion  calculations  per  second. 
The  photonics  technology  could 
boost  that  to  a  million  trillion 
calculations  per  second,  or 
an  exaflop,  according  to  IBM. 
tinyurl.com/34wwqwz 


Feds  draw  bead 
on  Russian 
behind  botnet 

AN  INTERNET  ringhawking 
counterfeit  male-enhancement 
remedies,  phony  Rolexes  and 
generic  pills  with  false  FDA 
approval  has  led  the  FBI  to  a 
Russian  believed  to  be  behind 
the  Mega-D  botnet,  which  earlier 
this  year  accounted  for  one  in 
10  spam  messages  sent  on  the 
Internet.  Members  of  the  Affking 
ring  told  investigators  they  hired 
a  Russian  spammer  to  distribute 
e-mail  advertisement  for  their 
suspect  wares,  and  backtracking 
through  chat  logs  and  e-com- 
merce  records  yielded  the  name 
of  Oleg  Nikolaenko,  23,  of  Mos¬ 
cow.  An  Affking  member  report¬ 
edly  paid  Nikolaenko  $459,098 
between  June  4  and  Dec.  5  2007, 
indicating  the  scale  of  profits  to 
be  made  from  the  botnet.  It  is 
unclear  whether  Nikolaenko  ran 
Mega-D  or  whether  he  just  leases 
bots  from  the  actual  controllers. 
A  year  ago,  security  firm  FireEye 
took  down  the  Mega-D  botnet 
but  it  rebounded. 
tinyurl.com/32hkyua 
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Managing  smartphones  calls  for  new  realism 


A  November  survey  of  240  senior  enter¬ 
prise  IT  staff  by  Aberdeen  Group  finds 
top-performing  companies  are  actively 
and  strategically  embracing  modern 
mobile  platforms,  especially  Apple’s  iOS. 
But  IT  groups  struggle  to  match  manage¬ 
ment  requirements  with  what  these 
evolving  platforms  currently  support. 

il  Best-in-class*  All  others 
0%  10%  20%  30%  40%  50%  60%  70%  80% 


iPhone 
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BiackBerry 


Android 


Windows 


Symbia 


“Best  in  class"  are  those  companies  that  reported  the 
greatest  improvement  in  making  “timely”  business 
decisions  since  they  began  using  mobile  business 
applications. 


BY JOHN  COX 

THE  SMARTPHONE’S  impact  on  the  enter¬ 
prise  can  be  seen  in  a  small  bank  in  Needham, 
Mass.,  where  its  full-time  staff  of  95  forms  a 
mobility  microcosm.  Today,  over  one  quar¬ 
ter  of  them  are  using  Apple  iPhones  and 
more  recently  iPad  tablets,  where  once 
they  used  Microsoft  Windows  Mobile 
phones. 

“Apple  met  the  minimum  require¬ 
ments  to  make  [the  iOS  operating  system] 
enterprise-friendly  for  me,”  says  James 
Gordon,  Needham  Bank’s  vice  president 
of  IT.  For  the  bank,  that  means  support  for 
Microsoft  Enterprise  ActiveSync  to  con¬ 
nect  users  with  Exchange  Server  e-mail, 
calendars  and  contacts,  and  to  support  a 
range  of  basic  management  features  as 
well  as  on-device  encryption. 

The  mobile  users  can  connect 
remotely  and  securely  to  their  Windows 
desktop  PCs  via  Array  Networks’  Desk- 
topDirect  application  and  appliance, 
and  often  do  so  from  inside  the  bank’s 
headquarters  or  one  of  its  five  branches. 

One  bank  executive  was  using  this  con¬ 
nection  to  type  Exchange  e-mails  with 
his  iPad’s  onscreen  keyboard  while 
almost  within  arm’s  reach  of  his  desktop 
keyboard,  Gordon  recalls. 

“In  the  past,  we  had  Windows  Mobile 
devices,”  Gordon  says.  “But  I  dumped 
them  as  soon  as  I  could  and  ate  the 
early-termination  fees.”  Laptops,  long 
the  staple  mobile  computing  platform 
for  the  enterprise,  are  a  non-starter  at 
the  bank.  “For  as  mobile  as  we  are,  very 
few  people  use  laptops,”  Gordon  says. 

“And  when  they  do,  they  pray,  ‘Please, 

God,  let  this  work.’  ” 

His  comment  highlights  the  dra¬ 
matic  changes  occurring  in  enterprise 
mobility,  confirmed  by  data  from  a 
new  enterprise  IT  survey  by  Aberdeen 
Group  (see  chart).  Companies  are  embracing 
smartphones  with  modern  mobile  operating 
systems  like  Apple  iOS  and  Google  Android, 
despite  the  fact  that  both  lack  the  traditional 
server-based  support  infrastructures  of 
RIM’s  BiackBerry  operating  system  and 
Microsoft’s  Windows  Mobile.  Another  change 
is  that  more  companies  now  are  willing  to  let 
employee-owned  smartphones  have  at  least 
some  access  to  corporate  networks  and  data. 

Managing  smartphone  mobility  requires 
a  new  realism  about  what  can  and  can’t  be 
done.  Done  badly,  smartphone  deployments 
can  result  in  “increased  security  risk,  growing 


access  to  Exchange  e-mail  and  personal  infor¬ 
mation  manager  data,  Gordon  says.  “They’ll 
be  expanding  functionality  and  usability  over 
time.”  In  many  cases,  at  least  to  start,  these 
companies  are  relying  on  the  combination 
of  policies  and  capabilities  in  Exchange  and 
Microsoft  Enterprise  ActiveSync  for  iOS  man¬ 
agement  and  security. 

DeBeasi  identifies  five  broad  “evalua¬ 


■  Help  desk  and  technical  support 
capabilities  to  troubleshoot  mobile 
problems. 

These  criteria  are  a  way  to  identify  the 
key  differences  not  just  in  third-party 
products,  but  also  in  the  underlying 
mobile  operating  systems.  The  manage¬ 
ment  capabilities  offered  in  Apple  iOS 
4.2,  Android  2.2,  and  the  initial  release 
of  Windows  Phone  7  vary  widely. 

Different  requirements  mean  IT 
groups  may  have  to  support  different 
platforms  with  different  capabilities  for 
different  groups  of  users. 

Of  Android,  iOS  and  Windows  Phone 
7,  iOS  is  the  most  mature.  And  that’s 
reflected  in  some  large-scale  enterprise 
deployments  such  as  RehabCare,  a  rehab 
services  provider  that  has  deployed 
nearly  9,000  iOS  devices,  most  of  them 
iPod  Touches. 

In  iOS  4.0,  Apple  made  available  a  set  of 
device  management  APIs  (and  added  file-based 
encryption),  developed  by  working  closely 
with  MDM  vendors  such  as  Mobilelron  and 
Sybase  (which  offers  the  Afaria  product).  Other 
vendors  include  Absolute  Software,  Air  Watch, 
BoxTone,  TrustDigital  and  Zenprise.  With  the 
just-released  4.2  version,  these  APIs  and  addi¬ 
tional  management  and  security  features  are 
now  available  for  enterprise  iPads. 

Apple’s  approach  is  to  use  an  App  Store 
download  to  set  up  a  direct  link  between  the 
iPhone  and  a  server  application  from  one  of  the 
►  See  Smart  phone,  page  JO 


usage  costs  and  diminished  information  tech¬ 
nology  (IT)  control,”  wrote  Paul  DeBeasi,  a 
research  director  at  Gartner,  in  a  July  report 
titled  “Evaluation  Criteria  for  Smartphone 
Mobile  Device  Management.” 

Today,  he  notes,  mobile  device  manage¬ 
ment  (MDM)  is  a  bewildering  collection  of 


applications  that  often  focus  on  very  specific, 
very  narrow  issues,  though  many  vendors  are 
working  toward  products  that  take  a  compre¬ 
hensive  view  of  mobile  management. 

Many  enterprises  are  aware  of  the  relative 
immaturity  of  the  new  mobile  platforms  and 
deploy  accordingly,  says  Jay  Gordon,  vice  presi¬ 
dent  of  Enterprise  Mobile,  a  Watertown,  Mass., 
mobile  integrator  that  is  70%  owned  by  Micro¬ 
soft.  Nearly  a  dozen  of  its  enterprise  clients  are 
deploying  iOS  devices,  in  numbers  ranging 
from  a  few  hundred  to  several  thousand. 

“They  all  plan  on  [initially]  deploying 
iPhones  in  a  fairly  basic  format,”  mainly  for 


tion  categories”  when  considering  MDM 
products: 

■  The  level  of  control  required 
over  applications  installed  on  the 
smartphone. 

■  Security  features  such  as  authenti¬ 
cation  mechanism  (including  password 
control  and  enforcement),  encryption 
and  remote  data  wipe. 

■  Defining  and  enforcing  mobile  poli¬ 
cies  for  groups  of  mobile  users. 

■  Support  for  the  specific  operat¬ 
ing  systems  and  devices  being  used, 
including  operating  system  updates  and 
removable  media,  such  as  SD  cards. 
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Verizon  sets  the  bar  for  future  LTE  launches 

Offers  5GB,  10GB  plans,  charges  $10  per  gigabyte  overage 


BYBRADREED 

VERIZON  last  week  laid  down  some  impor¬ 
tant  markers  that  AT&T  and  T-Mobile  will 
try  to  match  or  best  when  they  launch  their 
own  LTE  networks  next  year. 

For  starters,  Verizon  has  set  the  bar  pretty 
high  in  terms  of  initial  4G  coverage.  Whereas 
Sprint  and  Clearwire  started  rolling  out  their 
4G  WiMAX  network  in  Baltimore  and  have 
spent  the  past  two  years  launching  4G  cover¬ 
age  on  a  city-by-city  basis,  Verizon  is  launch¬ 
ing  its  LTE  network  in  38  major  markets 
over  the  next  month  alone.  Verizon  estimates 
that  its  network  in  these  markets  will  cover 
roughly  one-third  of  the  U.S.  population 
and  will  also  be  available  to  travelers  who 
are  spending  time  at  60  airports  around  the 
country.  The  carrier  plans  to  have  its  entire 
current  3G  footprint  upgraded  to  LTE  by  the 
end  of  2013. 

Verizon  has  also  set  high  expectations  in 
terms  of  data  speeds.  The  carrier  says  users 
can  expect  between  5M  and  12Mbps  on  the 
downlink  and  around  2Mbps  on  the  uplink. 
Even  if  the  network  averages  only  5Mbps 
on  the  downlink,  it  will  be  well  in  line  with 
Sprint’s  WiMAX  network,  which  averaged 
between  2.5M  and  4Mbps  at  its  inception. 
Verizon  says  latency  on  its  LTE  network  will 
be  half  of  what  users  currently  experience  on 
its  3G  network. 

In  terms  of  plans  and  pricing,  Verizon  so 
far  has  committed  to  two  capped  data  plans: 
a  $50-per-month  plan  that  offers  5GB  of 
data  consumption,  and  an  $80-per-moiith 
plan  that  offers  10GB  of  data  consumption. 
While  users  will  be  allowed  to  go  over  their 
monthly  limits  on  both  plans,  Verizon  says 
it’s  going  to  charge  users  $10  per  gigabyte  of 
extra  data  consumed.  Verizon  Wireless  CTO 
Tony  Melone  said  the  carrier  will  send  users 
text  alerts  when  they  have  reached  certain 
monthly  data  thresholds  and  will  alert  them 
when  they  have  consumed  50%,  75%,  90% 
and  100%  of  their  monthly  data  allowance. 

And  finally,  when  it  comes  to  devices, 
Verizon  is  initially  offering  only  two  differ¬ 
ent  types  of  LTE  USB  modems  for  laptops. 
Both  modems  will  cost  about  $100  and  will 
require  signing  a  two-year  contract.  When 
asked  if  the  company  plans  to  offer  any  no¬ 
contract  plans  on  its  LTE  network  in  the  near 
future,  Melone  said  he  wasn’t  sure.  He  said 
Verizon  will  be  announcing  its  first  LTE- 
based  smartphones  this  January  at  the  Con¬ 
sumer  Electronics  Show  in  Las  Vegas  and 


Verizon’s  LTE  vs.  Clearwire’s  WiMAX 


A  quick  breakdown  of  what  both  services  offer 


Clearwire 

Verizon 

Plans 

$45  for  unlimited  data 

$50  for  5GB  a  month,  $80  for  10GB  a  month 

Speeds 

Average  speeds 
between  3M  and  6Mbps 

Average  speeds  between 

5M  and  12Mbps 

Coverage 

Over  68  markets,  cover¬ 
ing  120  million  people 

38  major  U.S.  markets  by  end  of  2010, 
covering  110  million  people 

Third-party 

wholesalers? 

Sprint,  Time-Warner 
Cable,  Comcast 

None  yet,  although  Verizon  plans  to  have 
small  rural  carriers  license  its  spectrum  to 
reach  places  Verizon's  LTE  network  can’t 

consumers  could  expect  to  see  LTE  phones 
hit  the  market  by  mid-2011  at  the  latest. 

4G  technologies  such  as  LTE  and  WiMAX 
represent  the  next  stage  in  the  evolution  of 
wireless  data  technologies  and  generally 
deliver  average  download  rates  of  3Mbps 
or  higher.  In  contrast,  today’s  3G  networks 
typically  deliver  average  download  speeds 


about  one-tenth  that  rate.  Until  today’s  Veri¬ 
zon  LTE  announcement,  Sprint  had  been  the 
only  major  carrier  to  offer  4G  services  in  the 
United  States;  its  WiMAX  network  has  been 
up  and  running  commercially  for  more  than 
two  years.  Rival  carriers  T-Mobile  and  AT&T 
are  expected  to  launch  LTE  networks  of  their 
own  sometime  next  year.  * 


►  Smartphone,  from  page  9 

vendors,  says  Jesse  Lindeman,  Mobilelron’s 
director  of  product  management.  Technically, 
the  downloaded  app  has  no  other  function, 
and  the  MDM  server’s  capabilities  are  lim¬ 
ited  to  what  Apple  has  enabled  in  iOS,  such  as 
pushing  a  configuration  change  to  the  iPhone 
without  involving  the  end  user,  or  download¬ 
ing  native  enterprise-built  iOS  apps. 

But  some  vendors,  such  as  Mobilelron  and 
Sybase,  are  adding  support  to  their  on-device 
clients  to  enable  additional  features,  such  as 
running  tests  to  determine  if  the  iPhone  has 
been  jailbroken  (which  lets  it  load  applications 
outside  of  the  App  Store),  or  to  make  use  of  the 
phone’s  location  information. 

In  contrast,  Android  2.2  is  not  as  advanced. 
It  added  support  for  Microsoft  Exchange 
Server  and  lets  IT  set  password  policies  on 
Android  phones,  remotely  lock  them  and,  if 
needed,  reset  them  to  factory  defaults  (thereby 
wiping  them  of  data,  but  not  data  stored  on  an 
SD  card).  Mobilelron,  for  example,  issues  a 
second  command  to  erase  the  card. 

“I  don’t  see  Google  [yet]  having  the  same 
approach  as  Apple  in  terms  of  the  level  of 


study,  collaboration  and  software  develop¬ 
ment  to  address  enterprise  management  and 
security,”  says  Andrew  Borg,  a  senior  research 
analyst  at  Aberdeen. 

Borg’s  ongoing  surveys  of  enterprise  IT 
groups  confirm  the  rapid  adoption  of  smart¬ 
phone  platforms.  His  most  recent  study  reveals 
that  those  companies  seeing  the  most  dramatic 
measurable  payback  from  smartphone  mobil¬ 
ity  are  those  that  are  now  rapidly  developing  a 
new  style  of  application. 

These  are  lightweight,  simple,  highly 
focused  apps  —  of  the  type  pioneered  by  the 
iPhone  —  which  can  pull  data  from  wherever 
it  resides  and  bring  it  to  smartphone  users, 
singly  or  in  groups,  to  be  used  in  quickly  mak¬ 
ing  critical  business  decisions. 

The  increasing  importance  of  such  mobile 
apps  underscores  the  need  for  effectively 
managing  these  diverse  and  fast-changing 
deployments. 

“It  is  impossible  to  provide  identical  levels 
of  support  for  all  users  and  all  smartphone 
platform  types,”  according  to  Gartner’s 
DeBeasi.  “Enterprises  must  put  in  place  poli¬ 
cies  and  procedures  that  enable  the  manage¬ 
ment  of  mobile  diversity.”  ■ 


10  DECEMBER  6, 2010  www.networkworld.com 


Rely  on  one  network  right 
where  your  team  needs  it. 

Sprint  Global  MPLS  gives  you  the  upper  hand  by  converging  voice, 
video  and  data  on  a  single  IP-based  network.  Sprint  Global  MPLS  also 
gives  you  best-in-class  network  performance,  with  industry-leading 
SLAs  and  Class  of  Service  at  no  additional  charge  to  get  you  started. 

1-866-653-1056  sprint.com/convergence 
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TREND  ANALYSIS 


►  Firewall ,  from  page  1 

all  of  that  activity,  actual  use  of  advanced 
firewalls  today  is  still  very  low,  according  to 
Gartner  which  has  promoted  NGFW  for  the 
past  few  years. 

“We  believe  that  less  than  1%  of  interconnec¬ 
tions  secured  today  are  using  NGFW,”  says 
Gartner  analyst  Greg  Young.  But  he  predicts 
that  figure  will  hit  35%  by  2014. 

But  NGFW  —  not  quite  a  scientific  term  yet 
more  than  just  pure  marketing  —  remains 
unsettled.  There  have  not  yet  been  any  inde¬ 
pendent  third-party  lab  tests  of  so-called 
NGFW  products,  several  vendors  point  out. 
ICSA  Labs  is  discussing  a  possible  NGFW  test 
of  various  products,  says  Fortinet,  but  part  of 
the  challenge  is  nailing  down  a  clear  definition 
of  what  NGFW  is.  Gartner,  which  has  its  own 
definition  of  the  term  (see  chart),  is  aware  that 
“some  vendors  have  application  control  and 
some  are  more  advanced  in  IPS,”  says  Young. 
“The  majority  of  the  enterprise  firewall  ven¬ 
dors  are  at  the  early  stages  of  this.  Palo  Alto  is 
dragging  established  vendors  into  it.” 

The  terminology  issue  is  further  confused 
by  the  term  Unified  Threat  Management 
(UTM),  a  phrase  coined  by  IDC  analyst 
Charles  Kolodgy,  who  says  that  UTM  has 
roughly  the  same  meaning  as  NGFW.  But 
Gartner  argues  that  UTM  should  apply  to 
security  equipment  used  by  small  and  mid¬ 
size  businesses,  while  NGFW  is  supposed  to 
be  for  large  enterprises  with  1,000  employ¬ 
ees  and  up. 

Despite  this  clash  of  idioms  and  the  fact 
that  there’s  only  a  tiny  installed  base  of 
customers  using  what  are  presumed  to  be 
NGFW  systems,  security  vendors  do  appear 
to  recognize  that  demand  for  consolidated 
multipurpose  enterprise  security  appli¬ 
ances  is  likely  to  rise. 

“The  market  trends  are  moving  in  that  direc¬ 
tion,”  says  Patrick  Bedwell,  vice  president  of 
product  marketing  at  Fortinet,  which  last 
week  announced  the  Fortigate-5001B  security 
blade  for  its  5000  series  appliance  family.  The 
Fortigate-5001B  can  reach  up  to  40Gbps  —  a 
big  leap  over  its  previous  limit  of  8Gbps.  “Leg¬ 
acy  firewalls  can’t  keep  up.  The  focus  needs  to 
be  on  application  control  as  threats  are  getting 
more  complex,”  says  Bedwell. 

The  FortiGate  firewall/VPN  security  blade 
is  application-aware  for  about  1,300  applica¬ 
tions  and  can  establish  granular  controls 
on  user  behavior  with  applications,  along 
with  time  frame  limitations  and  bandwidth 
management. 

Other  vendors  are  joining  the  NGFW 
movement,  too.  McAfee,  for  example,  says 
its  Enterprise  Firewall  v.  8  is  now  an 


NGFW,  thanks  to  changes  it  made  to  the 
product  last  June. 

“We  reworked  the  application  engine  so 
we  could  detect  and  fully  inspect  over  1,000 
applications,”  says  Greg  Brown,  McAfee’s 
director  of  network  defense  product  mar¬ 
keting.  “We  made  the  engine  extensible,  and 
there  are  application  updates  each  week.” 

McAfee  Enterprise  Firewall  v.  8  reaches 
lOGbps.  But  to  head  into  higher  speeds, 
McAfee  partnered  with  Crossbeam  Systems 
to  be  able  to  reach  40Gbps  on  their  platform. 
McAfee  is  working  to  get  higher  speeds  on  its 
own  appliances. 

And  does  the  “do-it-all,  know-it-all”  firewall 
really  have  an  IPS  function  as  effective  as  a 
stand-alone  IPS?  Brown  acknowledges  that  it’s 
hard  to  know,  and  that  no  independent  tests  for 
this  have  been  done,  but  “the  intention  is  to  do 
as  effective  a  job  as  a  stand-alone  IPS.” 

In  comparison  to  a  “conventional  firewall” 
that  mainly  looks  at  IP  network  ranges,  says 
Brown,  the  NGFW  way  of  doing  things  in 
application  control  does  represent  a  new 
technology  for  most  customers. 

There’s  appeal  in  using  capabilities  such  as 
Microsoft  Active  Directory  integration  to  set 
up  user  groups  for  authorized  applications. 
So  far,  though,  most  McAfee  customers  are 
trying  out  advanced  firewall  features  gin¬ 
gerly  with  some  applications,  not  all,  to  see 
what  impact  policy  controls  have. 

Health  club  chain  24  Hour  Fitness,  which 
has  more  than  400  clubs  in  the  U.S.  and 
abroad,  deployed  the  Palo  Alto  Networks 
application-aware  firewall  last  summer  and 
is  giving  it  a  workout. 

Justin  Kwong,  senior  director  of  IT  opera¬ 
tions  and  security  there,  says  there’s  not 
only  a  cost  justification  in  switching  to  Palo 
Alto’s  consolidated  architecture;  he  says  his 
staff  now  gets  a  much  better  picture  of  what’s 
happening  using  features  such  as  reputation- 
based  filtering. 

The  company  is  making  use  of  Palo  Alto’s 
integration  with  Active  Directory  to  set  up 
policy  controls  regarding  applications  for 
employees,  but  the  use  is  “not  that  granular 
yet,”  says  Kwong,  noting  there’s  a  learning 
curve  regarding  application  control.  In  addi¬ 
tion,  Kwong  doesn’t  believe  his  organization 
as  yet  needs  to  migrate  completely  to  the 
NGFW  model,  since  the  need  for  application- 
aware  controls  may  not  exist  in  all  parts  of  the 
network  or  data  center. 

IDC’s  Kolodgy  says  such  attitudes  toward 
application-based  controls  are  to  be  expected. 
“Use  it  in  limited  use  until  you  are  comfortable 
with  it  and  then  expand  its  use,  which  is  exactly 
how  IDS  transitioned  into  IPS,”  he  advises. 

In  addition,  although  the  NGFW  represents 


What  is  a  ‘Next 

Generation  Firewall’? 

Gartner’s  “must-have”  NGFW  definition 
includes  the  following  points: 

It  must  have  standard  firewall  features, 
such  as  network  address  translation, 
stateful  inspection  and  VPN.  And  it 
must  be  suited  for  a  large  enterprise. 

The  intrusion-prevention  system  must 
be  “truly  integrated”  with  the  firewall. 

It  must  have  an  “application- 
awareness”  capability  to  recognize 
applications  and  set  controls. 

It  must  offer  “extra-firewall” 
intelligence  to  bring  in  information 
to  help  make  decisions.  Examples 
include  reputation  analysis, 
integration  with  Active  Directory, 
and  blocking  or  vulnerability  lists. 

The  term  NGFW  is  one  primarily  formulated  by 
Gartner,  which  advocates  that  the  traditional  enterprise 
firewall  industry  advance  around  the  concept. 


security  consolidation,  Kwong  has  some  reser¬ 
vations  about  that.  He  says  he  also  plans  to  con¬ 
tinue  using  open-source  IPS  as  “a  second  set  of 
eyes”  in  addition  to  the  Palo  Alto  IPS  function¬ 
ality.  “I’ll  never  consolidate  everything  in  one 
box,”  says  Kwong,  adding  “I’m  never  going  to 
rely  solely  on  one  vendor.” 

And  what  about  the  question  of  how  any  of 
the  NGFW  security  applies  when  users  aren’t 
even  behind  a  firewall,  such  as  when  they’re 
travelling  with  a  laptop  or  using  a  mobile 
device? 

“We  can  expand  to  the  user’s  machine  not 
on  the  network,”  says  Chris  King,  director 
of  product  marketing  at  Palo  Alto  Networks. 
The  company  already  has  a  VPN  client  that 
can  drag  user  traffic  back  to  the  customer’s 
NGFW  point,  but  early  next  year  Palo  Alto 
will  offer  what  it  calls  a  GlobalProtect  smart 
VPN  client,  which  will  know  where  the  user 
is  in  the  world  and  will  direct  the  client  to  the 
nearest  gateway.  “There’s  a  hierarchy  of  gate¬ 
ways  that  manages  a  list  of  gateways,  and  the 
client  knows  where  the  nearest  gateway  is,” 
King  says.  This  capability  enables  some  level 
of  data-loss  prevention,  he  adds. 

Palo  Alto  also  sees  the  ability  to  do  SSL 
inspection  as  a  big  plus  for  its  package,  which 
opens  up  inbound  and  outbound  traffic, 
based  on  a  trusted  environment  where  a 
user’s  desktop  certificate  is  shared.  “We’d 
open  it  to  make  sure  it’s  an  allowed  applica¬ 
tion,  then  re-encrypt,”  King  said.  ■ 
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HP  and  IBM  labs 


R&D  still  a  priority  at  Microsoft, 

BY  JAMES  NICCOLAi,  NANCY  GOHRING  AND  JOAB  JACKSON,  IDG  NEWS  SERVICE 


AT  MICROSOFT,  HP  and  IBM,  investment 
in  research  and  development  is  a  reflection 
of  corporate  culture.  HP  prides  itself  on  its 
pragmatism,  while  Microsoft  holds  the  flag  of 
basic  research  aloft  —  and  IBM  continues  to 
file  more  patent  applications,  year  after  year, 
than  any  other  tech  company. 

HP  Labs 

Inventing  ways  to  do  more  with  less 

HP  Labs  has  seen  some  big  changes  in  the 
past  few  years.  In  2007  it  hired  Prith  Baner- 
jee,  the  dean  of  engineering  at  the  University 
of  Illinois-Chicago,  as  its  new  director.  A  year 
later  the  labs  started  to  narrow  its  focus  from 
the  150  or  so  projects  its  scientists  had 
been  working  on  to  20  “big  bets.” 

The  labs  had  lost  its  focus,  with 
researchers  squirreling  away  in  small 
groups  on  projects  that  didn’t  always 
serve  HP’s  wider  goals.  Banerjee  calls 
the  new  approach  “innovation  with 
purpose.”  He  has  arranged  the  big  bets 
around  eight  broad  areas  that  HP  sees 
as  core  to  its  future,  including  analyt¬ 
ics,  data  management,  intelligent 
infrastructure,  sustainability  and,  of 
course,  the  cloud. 

Banerjee  brushes  off  the  criticism 
that  HP  Labs  may  be  underfunded. 

Last  fiscal  year  the  company  invested 
2.5%  of  its  total  revenue  in  R&D,  com¬ 
pared  to  6.1%  of  revenue  at  IBM  and 
14%  at  Microsoft.  That’s  still  $2.8  bil¬ 
lion,  however,  of  which  the  labs  budget 
is  only  a  fraction  —  in  2008  it  was  $150  Tril¬ 
lion.  The  vast  majority  is  spent  on  later-stage 
development  in  HP’s  product  groups. 

“People  get  all  hung  up  on  this  percentage 
of  revenue  figure,  but  I  could  spend  a  ton  of 
money  doing  completely  useless  research 
and  development,”  Banerjee  says.  “It’s  the 
research  output  that  matters,  not  the  amount 
of  dollars  you  put  in.” 

Displays  are  one  big  focus  for  the  company. 
HP  doesn’t  manufacture  displays,  but  it  sells 
around  70  million  of  them  each  year  in  PCs, 
printers  and  other  products.  If  it  could  come 
up  with  a  radically  cheaper  way  to  make  dis¬ 
plays,  HP  could  license  the  technology  to  oth¬ 
ers  and  also  lower  its  own  product  costs,  says 
Carl  Taussig,  director  of  HP’s  Information 
Surfaces  Lab. 

To  do  that  it  is  trying  to  come  up  with  a 
completely  new  manufacturing  technique. 
Today,  displays  are  produced  essentially  one 
at  a  time,  using  a  photolithography  technique 


similar  to  that  used  for  semiconductors.  But 
Taussig  and  his  team  have  been  developing 
a  “roll-to-roll”  process  that  allows  manufac¬ 
turers  to  almost  literally  print  circuitry  onto 
screens  one  after  the  other. 

The  process  could  go  into  production  for 
certain  types  of  screens  in  as  little  as  two  to 
three  years,  he  said.  HP  has  custom-built 
machinery  running  in  its  labs  that  can  “print” 
displays  at  5  meters  per  minute  from  long 
sheets  of  a  thin  polymer  material.  HP’s  break¬ 
through  was  to  invent  an  imprint  lithography 
process  that  allows  the  circuits  to  be  layered 
on  top  of  each  other  on  the  flexible  screens  but 
still  stay  in  perfect  alignment,  Taussig  says. 


LCDs  cost  about  $100  per  square  foot  to 
produce  today,  and  the  roll-to-roll  method 
could  reduce  that  to  $10,  he  says. 

Printing  is  another  focus,  but  not  the  type 
found  in  homes  and  offices.  Most  of  the  opti¬ 
mization  for  those  products  has  already  been 
done,  so  the  labs  are  focused  instead  on  digi¬ 
tal  commercial  printing  presses,  says  Eric 
Hanson,  director  of  HP’s  Commercial  Print 
Engine  Lab. 

The  labs  have  already  developed  a  new 
type  of  ink  for  HP’s  Indigo  digital  press.  Han¬ 
son  wouldn’t  reveal  anything  about  the  newer 
presses  HP  is  developing.  But  he  was  keen  to 
show  off  a  technology  that  could  help  smooth 
the  industry’s  transition  from  analogue  to 
digital  printing,  and  thus  eventually  help  HP 
to  sell  more  equipment. 

One  obstacle  for  the  industry  is  that  paper 
mills  don’t  have  an  efficient  way  to  remove 
digital  ink  from  all  types  of  paper  —  some¬ 
thing  they  need  to  do  when  they  recycle 


magazines  and  brochures  to  make  new  paper. 
So  one  member  of  Hanson’s  team,  Hou  Ng, 
has  developed  a  “surfactant”  that  allows  digi¬ 
tal  and  other  inks  to  be  skimmed  off  in  a  foam 
after  the  pulping  process. 

HP  plans  to  give  away  the  formula  so  that 
other  companies  can  produce  the  chemical, 
Ng  says.  The  idea  is  remove  any  obstacles 
that  could  prevent  the  digital  print  market 
from  expanding. 

The  labs’  narrower  focus  doesn’t  mean  it 
works  only  on  projects  tied  to  HP  products. 
HP  doesn’t  design  its  own  server  chips  any 
more,  for  example,  but  it  continues  to  invest 
in  microelectronics.  In  August  it  announced 
a  partnership  with  Hynix  to  commercialize  a 
new  memory  technology  called  memresistor 
that  derives  from  work  in  HP  Labs. 
The  labs  also  contributed  a  video 
compression  technology  for  HP’s 
Halo  and  Skyline  videoconferencing 
systems,  and  its  on-demand  maga¬ 
zine  printing  service,  MagCloud 
began  as  an  idea  in  HP  labs. 

Microsoft 

Keeping  the  focus 
on  pure  research 

Microsoft  likes  to  boast  that  it’s  one  of 
the  few  remaining  public  companies 
that  still  does  pure  research,  includ¬ 
ing  kinds  that  might  not  turn  into 
products  for  many  years. 

“Many  of  the  other  companies  that 
used  to  have  research  labs,  in  previ¬ 
ous  downturns  they  told  their  labs 
to  focus  on  doing  something  incre¬ 
mental,  to  fill  gaps  in  their  product  lines,” 
says  Andrew  Herbert,  managing  director  of 
Microsoft  Research  Cambridge. 

Despite  the  economic  downturn,  Microsoft 
views  research  as  critical  to  its  future.  In  fact, 
it  says  that  pure  research  is  especially  impor¬ 
tant  during  downturns. 

“I  think  of  research  as  one  of  the  things 
that  we  have  to  do  and  elect  to  do  in  order  to 
ensure  we  survive  over  the  long  term,”  Craig 
Mundie,  Microsoft’s  chief  research  and  strat¬ 
egy  officer,  said  early  last  year  at  an  annual 
research  event.  Companies  that  cut  research 
in  the  face  of  short-term  pressure  or  never 
start  pure  research  tend  not  to  last  very  long, 
he  said.  “My  belief  is  the  company  would 
struggle  to  survive  and  prosper  if  we  didn’t 
have  research  investment,”  he  said. 

Microsoft’s  research  group,  which  includes 
1,000  people  spread  across  six  labs  around 
the  world,  has  a  mission  of  advancing  the 
state-of-the-art  in  computer  science,  Herbert 


HP  research  scientists  Manoj  Bhattacharyya  and  Laurie 
Mittelstadt  finish  work  on  a  de-inking  technology  at  HP's 
Commercial  Print  Engine  lab. 
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says.  It  is  also  tasked  with  looking  at  ways  that 
those  advancements  might  support  Microsoft 
products. 

Microsoft  researchers  come  from  a  wide 
range  of  disciplines  and  have  the  freedom  to 
pursue  subjects  that  interest  them,  Herbert 
said.  They  include  psychologists,  ethnogra¬ 
phers,  sociologists,  mathematicians,  astrono¬ 
mers  and  physicists. 

When  asked  how  he  decides  what  the 
researchers  should  focus  on,  Herbert  says: 
“The  glib  answer  is,  we  don’t.”  Instead,  the 
goal  is  to  hire  smart  people  and  give  them  the 
chance  to  pursue  topics  they  want  to  work  on. 

The  company  has  been  criticized  for  not 
doing  a  particularly  great  job  turning  research 
projects  into  products,  says  Matt  Rosoff,  an 
analyst  with  Directions  on  Microsoft.  “The 
transfer  between  research  and  product  groups 
has  been  slow  at  times.  They  might  come  up 
with  good  ideas  but  it’s  not  clear  how  to  turn 
those  ideas  into  products.” 

Still,  he  also  says  that  even  when  Micro¬ 
soft  does  find  a  way  to  use  technologies 
developed  in  the  research  group  in  commer¬ 
cial  products,  it  doesn’t  always  do  a  good  job 
talking  about  it.  For  instance,  technologies 
developed  in  the  research  group  ended  up 
in  Microsoft’s  digital  rights  management 
products,  its  SQL  Server,  and  development 
languages  like  C#. 

Microsoft  Research  is  boasting  about 
its  role  in  developing  technologies  behind 
Kinect,  the  new  Xbox  product  that  will  allow 
users  to  play  games  without  a  controller.  The 
Xbox  group  had  done  work  developing  the 
system  that  tracks  user  movements. 

In  a  company  like  Microsoft,  it  can  be  hard 
to  know  how  much  goes  toward  pure  research, 
Rosoff  noted.  The  last  time  that  Rosoff ’s  firm 
investigated  Microsoft’s  research  budget  was 
2002,  when  it  concluded  that  about  5%  of  the 
company’s  research  and  development  budget 
was  pure  research.  At  the  time,  that  amounted 
to  about  $250  million,  he  says.  He  estimates 
that  budget  has  grown  now  to  around  $500 
million  a  year. 

IBM 

Research  is  survival 

When  the  economic  conditions  are  difficult, 
the  temptation  of  any  large  company  is  to 
slash  its  research  and  development.  After 
all,  for  most  corporations,  research  does  not 
directly  contribute  to  the  bottom  line,  and 
given  its  speculative  nature,  may  never  do  so. 

Still,  when  the  global  economy  hit  the  dol¬ 
drums  in  2008  and  2009,  IBM  shielded  its 
R&D  work  from  budget  reductions. 

“I’ve  never  been  pressured  to  look  for 
places  to  cut,”  says  Robert  Morris,  the  IBM 


vice  president  who  heads  up  the  company’s 
research  in  the  field  of  services.  For  IBM, 
research  is  not  a  luxury  or  a  public  relations 
play;  it  is  essential  to  the  company’s  survival. 

“Many  companies  are  reacting  to  the  cur¬ 
rent  global  downturn  by  drastically  curtail¬ 
ing  spending  and  investment,  even  in  areas 
that  are  important  to  their  future  [while]  we’re 
continuing  to  invest  in  R&D,”  IBM  President 
and  Chairman  Sam  Palmisano  instructed 
company  shareholders  in  a  2009  letter.  “In 
other  words,  we  will  not  simply  ride  out  the 
storm.  Rather,  we  will  take  a  long-term  view, 
and  go  on  offense.” 

Since  2002,  IBM  has  increased  R&D  spend¬ 
ing  21%.  In  2009,  it  had  spent  $5.8  billion  on 
R&D.  The  company  now  employs  3,000 
researchers  across  eight  labs  worldwide,  and 
is  building  a  ninth  lab  in  Brazil. 

Rarely  a  week  goes  by  without  word  of 
some  new  IBM  innovation:  In  the  middle  of 
September,  the  company  announced  that  it 
was  shipping  the  world’s  fastest  micropro¬ 
cessor.  The  week  before,  Big  Blue  announced 
that  it  invented  an  optical  bus  that  added 
another  50%  in  throughput  speed.  And  the 
week  before  that,  it  announced  a  virtualiza¬ 
tion  technology  that  solved  the  problem  of 
moving  live  virtual  workloads  across  differ¬ 
ent  data  centers. 

And  some  of  IBM’s  inventions  have 
changed  the  world,  even  if  they  sometimes 
show  up  in  fields  far  from  IT.  IBM  can  lay 
claim  to  not  only  inventing  the  personal  com¬ 
puter,  the  disk  drive  and  relational  database, 
but  also  the  SABRE  travel  reservation  sys¬ 
tem,  the  technique  that  led  to  LASIK  eye  sur¬ 
gery  and  a  blood  separator  technology  used 
to  treat  leukemia. 

IBM  has  held  the  record  for  most  U.S. 


Patents  issued  in  a  year  for  the  past  17  years 
—and  the  recession  hasn’t  slowed  the  com¬ 
pany.  In  2008  it  received  more  than  4,186 
patents  and  in  2009  the  number  had  jumped 
to  4,914.  But  perhaps  the  best  measure  of  suc¬ 
cess  is  not  the  number  of  patents  it  is  awarded, 
but  how  well  IBM  profits  from  this  work. 

In  fact,  IBM  has  made  headway  on  one  of 
the  most  difficult  problems  facing  any  com¬ 
pany  investing  in  R&D:  How  to  turn  the 
research  into  business.  The  trick,  Morris 
explained,  is  to  get  the  business  units  and 
even  clients  involved  in  choosing  which  proj - 
ects  to  pursue.  “We  do  not  build  things  in  the 
lab  and  figure  out  how  to  transfer  them  into 
the  field.  We’re  not  an  ivory  tower.  We’re  not  a 
sandbox,”  Morris  said. 

Each  year,  the  labs  present  an  outlook 
report  to  the  IBM  chairman  suggesting  future 
trends  IBM  should  follow.  Analytics,  for 
instance,  was  highlighted  in  a  report  nearly  a 
decade  ago.  Earlier  this  year,  IBM  announced 
that  it  anticipates  that  analytics  will  generate 
up  to  $16  billion  in  annual  revenue  for  the 
company  by  2014. 

Not  surprisingly,  the  company  is  investing 
heavily  into  areas  where  it  feels  the  applica¬ 
tion  of  IT  may  revolutionize  some  field,  such 
as  analytics,  city  planning,  health  care,  biol¬ 
ogy  or  energy. 

Healthcare  is  another  area  of  interest  to 
IBM.  In  July,  the  company  announced  that 
it  would  invest  $100  million  in  healthcare 
technology.  The  company’s  Zurich  research 
center  is  working  on  what  it  calls  a  lab-on- 
a-chip  that  could  cut  the  costs  of  lab  testing. 
This  device  is  actually  a  small  strip  that  can 
soak  up  a  sample  of  blood  and  detect  pro¬ 
teins  that  are  tell-tale  signs  of  viruses  and 
diseases.  ■ 
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THE  NEW  INTELLIGENT  ENTERPRISE 

The  New  Role 


Ten  years  ago,  executives  looked  to 
IT  for  technical  solutions  to  support 
business  units.  Today,  analytics  has 
dramatically  changed  that  function, 
says  Beth  Holmes,  IT  Analytics 
Lead  for  Monsanto.  Now  IT 
managers  are  sought  after  for  the 
answers  they  can  provide  to  build 
competitive  advantage  and  guide 
strategic  decision  making. 


From  the  Editor-in-Chief,  MIT  Sloan  Management  Review 


ith  a  Ph.D.  in  plant  breeding  and  genetics  and  years 
of  information  technology  project  management, 
Beth  Holmes  brings  the  discipline  of  a  scientist  to 
her  role  as  IT  Analytics  Lead  at  Monsanto  Company,  the 
seed  and  crop  protection  chemical  company. 

In  its  essence,  her  job  is  to  answer  questions  for  the  company 
through  exploratory  analytics.  Her  group  scopes  out  high-value 
targets,  does  cost  modeling,  looks  at  sales  forecasting,  and  uses  mul¬ 
tiple  methodologies  to  aid  long-range  planning.  These  can  include 
testing  assumptions  about  the  macroeconomic  drivers  behind  the 
trends  in  agriculture.  “Understanding  the  possibilities  of  things  that 
may  happen  are  really  critical  to  our  ability  to  operate  profitably,” 
Holmes  says. 

“Five  years  ago,  people  would  have  viewed  analysis  as  almost 
synonymous  with  reporting,”  she  says.  But  seeing  what  analytics  can 
do  is  starting  to  change  what  executives  ask  for.  “The  work  changes 
the  conversation  that  IT  has  with  the  business  units,”  says  Holmes. 
“It  changes  the  perspective  of  the  value  that  IT  brings.” 

Holmes  spoke  about  myth-busting,  question-asking,  and  why  the 
simplest  solution  is  often  the  smartest  with  MIT  Sloan  Management 
Review  Editor-in-Chief,  Michael  S.  Hopkins. 

Continued  on  page  2 
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You've  said  that  analytics  is  about  the  quest  for  the 
best  set  of  leading  indicators  that  you  can  get  to  in¬ 
form  your  business.  Have  those  indicators  changed 
over  the  last  few  years? 

Yes,  and  actually,  that’s  part  of  the  evolution  of  using 
analytical  capability.  If  you’re  running  models,  then 
of  course  you  have  to  not  only  look  at  the  results  but 
also  at  the  variables  that  go  into  those  models:  what  the 
relationship  is  between  them,  and  is  that  relationship 
behaving  as  expected.  Those  relationships  change  over 
time,  and  it’s  really  the  ability  to  detect  that  change  that 
provides  companies  with  a  competitive  edge. 

We  make  sure  that  people  are  educated  on  the  re¬ 
lationships  and  assumptions  that  underpin  the  models 
—  and  that  we  have  the  capability  to  monitor  those 
relationships  as  well  as  generate  the  model  results. 

Do  you  find  that  conventional  wisdom  in  the  indus¬ 
try  is  wrong  once  you  bring  models  to  bear  on  it? 

It’s  definitely  very  common  to  both  do  a  little  myth- 
busting  and  to  confirm  conventional  wisdom.  Both 
things  occur  on  a  regular  basis.  But  the  bigger  point  is 
that  even  when  you  either  dispel  a  myth  or  you  confirm 
conventional  wisdom,  you  have  to  keep  in  mind  that 
tomorrow  that  relationship  may  change. 

How  has  the  IT  department's  relationship  to  the 
company  changed? 

We’ve  always  had  a  really  strong  R&D  effort,  but  we’re 
seeing  an  increasing  appetite  to  use  analytical  methods 
in  every  level  of  our  business.  We’ve  essentially  found 
our  way  out  of  R&D  and  into  the  business  units.  It’s 
exciting  to  me  to  see  that,  because  as  business  units  rec¬ 
ognize  how  they  impact  one  another,  there’s  a  feeling 


that  they  need  to  get  more  out  of  their  data  not  just  for 
their  own  use  but  for  the  interaction  between  groups. 
That’s  how  a  group  like  my  team  really  helps:  we  can 
step  across  and  not  only  help  bridge  those  silos,  but  also 
bring  new  techniques  forward  and  help  bring  those 
folks  who  are  already  used  to  doing  analysis  up  on 
those  techniques.  It’s  important  that  you  understand 
what  an  analysis  is  doing  for  you  and  to  you  to  use  data 
effectively  in  decision  making. 

This  work  changes  the  conversation  that  IT  has  with 
the  business  units  that  it  works  with.  In  some  cases  it 
changes  the  perspective  of  the  value  that  IT  brings. 
We’re  used  to  being  sought  after  for  technical  solutions 
of  a  different  type  —  for  the  software,  hardware  and 
service  that  we  provide  to  support  the  business  units. 
It’s  different  to  be  sought  after  for  the  answers  that  we 
can  provide. 

So  how  has  Monsanto's  use  of  analytics  and  data 
changed? 

Five  years  ago,  people  would  have  viewed  analysis  as  al¬ 
most  synonymous  with  reporting.  That  work  is  critical, 
but  being  able  to  take  the  broader  view  and  doing  the 
analyses  to  support  hypotheses  that  impact  the  broader 
view  is  what’s  different. 

In  the  end,  you  need  the  best  information  possible 
for  a  variety  of  decisions  that  range  all  the  way  from 
daily  ops  to  strategic  planning.  And  the  level  of  sophis¬ 
tication  that  you  need  to  generate  analyses  differs  based 
on  the  problem  that  you’re  trying  to  solve.  That  said, 
the  simplest  choice  that  works  is  always  the  best  one. 

Continued  on  page  3 
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It  means  that  the  futures  contract  for  that  gold  can  trade  instantly  and  more  securely.  The  Dubai  Gold  &  Commodities 
Exchange  (DGCX)  has  maintained  their  complex  network  of  worldwide  members  for  four  years  without  a  single 
security  breach  due  to  malware,  and  without  any  unplanned  downtime.  The  DGCX  worked  with  IBM  Security 
Solutions  to  help  implement  an  intrusion  prevention  system  that  builds  security  into  every  aspect  of  their  online 
trading  services  and  proactively  adapts  to  ever-evolving  threats.  A  smarter  business  is  built  on  smarter  software, 
systems  and  services.  r  #  | 

•  ■'  'x  -  v  ■ 

Let's  build  a  smarter  planet,  ibm.com/exchange  ,  \*/  •  '“=5^2=. 


IBM  the  IBM  logo  ibmcom  Smarter  Planet  and  the  planet  icon  are  trademarks  of  International  Business  Machines  Corn,  registered  in  many  jurisdictions  worldwide.  Other  product  and  service  names 
might  be  trademarks  ol  IBM  at  other  companies.  A  current  list  ot  IBM  trademarks  is  available  on  the  Web  at  www.lbm.com/legat/copytradi  :  gtipnat  Business  Machines  Corporate 
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"You  need  the 
best  information 
possible  for  a 
variety  of  deci¬ 
sions  that  range 
all  the  way  from 
daily  ops  to  stra¬ 
tegic  planning." 


That's  very  interesting.  How  did  you  come  to  that 
conclusion? 

In  individual  solutions,  the  tendency  is  to  beat  the 
bushes  to  wring  out  everything  you  can.  But  the  effi¬ 
ciency  of  that  solution  may  not  be  enough  to  warrant 
the  effort.  So  you  have  to  exercise  judgment.  We  do  that 
by  always  starting  with  a  baseline  that’s  either  the  exist¬ 
ing  methodology  or  the  simplest  solution  possible.  We 
generate  that  first,  and  then  everything  else  we  do  is  an 
effort  to  beat  it. 

What  has  surprised  you  as  you've  done  this  work 
over  the  last  couple  of  years? 

About  two  years  ago  there  was  a  recognition  that  we’re 
a  data-rich  company,  but  to  some  degree  there  was  still 
some  “sitting  on  the  edge  of  the  pool”  in  terms  of  ana¬ 
lytics  while  we  were  assessing  all  the  components  we 
would  need  to  have  in  place  to  bring  this  capability  for¬ 
ward.  Our  new  hypothesis  was  that  maybe  you  don’t 
need  to  have  everything  in  place  in  order  to  start. 

We  did  some  work  in  sales  forecasting  which  didn’t 
really  take  that  much  effort,  but  it  really  helped  our  sales 
organization  improve  their  forecast  accuracy  early  in 
the  season.  It  doesn’t  take  long  to  do  the  analysis,  and 
the  return  is  huge.  So  our  hypothesis  was  proven  out. 
That’s  a  big  learning. 

Operationally  speaking,  the  amount  of  time  that  we 
actually  spend  prepping  data  versus  doing  the  analysis 
seems  surprising.  For  the  exploratory  work,  maybe  we 
spend  three-fourths  of  our  time  getting  the  data  ready 


and  another  quarter  of  our  time  selecting  the  analysis, 
running  it,  and  interpreting  it.  But  we  can  complete 
these  projects  on  a  relatively  short  cycle,  and  the  benefit 
that  is  gained  in  a  really  short  time  period  is  just  phe¬ 
nomenal.  Using  analytics  itself  to  figure  out  what  data 
elements  we  need  to  go  after  and  first  making  sure  that 
those  are  correct  can  narrow  the  field  of  high-value  tar¬ 
gets  enough  that  it’s  something  that  people  can  start  to 
get  their  heads  around  and  plan  for. 

Do  you  think  this  kind  of  burgeoning,  centralized 
analytics  capability  should  be  housed  in  IT? 

Yes,  I  do.  The  reality  is  that  IT  has  always  been  a  great 
place  to  be  for  perspective  into  the  different  business 
domains.  When  you  underscore  that  with  the  imple¬ 
mentation  capability  that  being  in  an  IT  organization 
can  bring,  it  is  a  natural  fit. 

There  are  really  some  great  analytical  minds  at  this 
company  in  many  different  business  units.  They  net¬ 
work  informally  together,  and  we  have  both  formal  and 
informal  relationships  with  a  variety  of  the  people  doing 
analysis  all  over  the  company.  I  would  say  that  the  only 
formal  cross-business-unit  analytics  capability  is  fixed 
in  IT.  However,  having  a  centralized  analytics  capability 
doesn’t  mean  it’s  diminished  at  the  point  of  need.  They 
augment  each  other.  In  fact,  we  actually  accelerate  the 
efforts  of  others. 

Continued  on  page  4 
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Smarter  technology  for  a  Smarter  Planet: 

What  database  integration  means 
to  this  blood  sample. 

It  means  doctors  in  Ethiopia  will  be  able  to  instantly  compare  this  blood  sample  to  over  41,000  HIV  treatment 
histories  to  help  their  patients  receive  the  best  treatment  regimen  possible.  The  EuResist  Network  is  helping 
doctors  predict  patient  response  to  various  HIV  treatments  with  over  78%  accuracy— outperforming  9  out  of  10 
human  experts  in  a  recent  study.  The  tool  is  built  on  an  IBM  analytics  solution  that  integrates  a  variety  of  disparate 
databases  onto  a  flexible  IBM  DB2®  platform  to  process  complex  metadata  more  effectively  than  anything  else 
on  the  market.  A  smarter  organization  is  built  on  smarter  software,  systems  and  services. 


Let’s  build  a  smarter  planet,  ibm.com/hospitai 


Smarter  technology  for  a  Smarter  Planet: 

What  1.3  million  transactions 
per  second  means  to  this  car. 

It  means  the  likely  buyer  of  this  car  has  already  been  pinpointed.  Acxiom,  a  global  leader  in  marketing 
services  and  technology,  is  working  with  IBM  to  help  9  of  the  top  10  car  manufacturers,  as  well  as 
companies  in  every  major  industry,  to  efficiently  mine  over  7,000  databases  to  give  them  deep  insights 
into  their  customers.  The  IBM  System  x®  with  Intel®  Xeon®  processors  forms  the  core  of  the  solution, 
allowing  Acxiom  to  consolidate  9,360  disparate  systems  into  a  mere  264  eX5  systems  without  sacrificing 
performance.  A  smarter  business  is  built  on  smarter  software,  systems  and  services. 


Let’s  build  a  smarter  planet,  ibm.com/car 


Data  visualization  showing  propensity  of  different 
groups  of  people  to  buy  specific  models  of  cars. 


T  he  client  example  cited  is  piesented  as  an  illustration  of  the  manner  in  which  this  client  has  used  IBM  products  and  the  result /Minay  I  iave  achieved  Ac  tual  environmental  costs  and  performance  characteristics 
will  vary  depending  on  individual  client  configurations  and  conditions.  Contact  IBM  to  see  what  we  can  do  for  you.  Acxlom  CORton  is  the  provider  of  the  data  simulated  for  the  purpose  of  visualisation  of  the 
performance  of  client’s  products/services.  No  actual  consumer  or  business  Information  was  used  as  part  of  such  simulated  datajtjlfie  IBM  logo,  ibm.com,  System  x,  Smarter  Planet  and  the  planet  icon  are-  trademarks 
of  Intel  national  Business  Machines  Corp,  registered  in  many  jurisdictions  wot  Idwide.  Other  product  and  service  names  might  JaBemarks  of  IBM  or  other  companies.  A  current  list  of  IBM  trademarks  is  available 
on  the  Web  at  www.ibm.com/le;rat/copytiadeshtiiil.  Intel,  the  Intel  iogo.  Xeon  and  Xeon  Inside  are  trademarks  or  registered  tract JyJ-  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  ether  countries 
©  International  Business  Machines  Corporation  2010.  Ail  rights  reserved. 
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"The  best  leaders 
are  inquisitive 
and  resource¬ 
ful  in  their  use 
of  data  and  the 
talent  to  analyze 
the  data,  but 
also  decisive  and 
willing  to  take 
the  action  based 
on  data." 
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In  your  view,  how  is  the  changing  nature  and  avail¬ 
ability  of  information  and  the  changing  nature  of 
analyzing  it  going  to  alter  how  companies  work? 

The  expectation  of  having  analytical  results  available  to 
make  a  decision  early  on  is  increasing.  As  higher  quality 
information  becomes  available  faster,  we  need  to  be 
poised  to  make  decisions  faster  and  take  action  as  well. 
And  I  think  that  means  that  you  have  to  have  some  dif¬ 
ferent  skill  sets  available  to  design  and  execute  analyses. 

You  can  acquire  capability  in  terms  of  the  computa¬ 
tional  power  that’s  required  to  generate  some  analyses. 
But  you  also  have  to  invest  in  the  talent  within  your 
organization  that  really  understands  what  the  analyses 
mean  and  can  think  about  things  objectively.  The  value 
of  having  a  group  in  information  technology  is  that 
they  can  step  back  from  the  individual  business  units 
and  think  about  the  problems  and  solutions  objectively 
and  in  broad  context. 

We've  seen  that  sometimes  people  in  positions 
of  power  don't  want  to  cede  their  instincts  to 
analytically-driven  insights.  Have  you  encountered 
that? 

It’s  interesting.  You  see  a  variety  of  responses  to  the 
group,  everything  ranging  from,  “Wow,  this  is  awe¬ 
some,  we  needed  a  group  that  we  could  turn  to  for  help 
with  these  things,”  to  some  self-consciousness  and 
concern  about  the  analytical  effort  being  an  evaluation 
methodology. 

We  typically  get  past  that  by  collaborating  deeply  and 
closely  with  the  business  unit  that  we’re  working  on  a 
solution  for.  They  learn  as  they  work  through  these  solu¬ 
tions  with  us,  and  that  improvement  in  their  knowledge 
base  translates  out  into  their  organization  in  a  ripple 


effect.  In  the  end  we  don’t  want  to  own  the  model,  we 
want  that  group  to  own  the  model.  What  starts  off  as  fear 
can  become  pride  of  ownership  and  the  ability  to  work 
with  the  answers. 

Do  you  think  leaders  are  going  to  need  to  be 
different,  or  differently  capable,  in  the  age  of  the 
new  intelligent  enterprise? 

Leveraging  data  and  analytical  capability  is  an  expres¬ 
sion  of  resourcefulness,  and  it’s  something  that  you 
can’t  afford  to  fall  behind  on.  If  you  don’t  like  math  and 
analyses,  then  you  may  try  to  avoid  it  to  some  degree, 
but  you’re  going  to  be  impacted.  The  best  leaders  are 
inquisitive  and  resourceful  in  their  use  of  data  and  the 
talent  to  analyze  the  data,  but  they’re  also  decisive  and 
willing  to  take  action  based  on  data.  In  the  transition 
from  intuition-based  decisions  to  data-driven  deci¬ 
sions,  that’s  really  the  huge  difference  that  this  capa¬ 
bility  brings:  the  confidence  to  make  those  decisions.  I 
think  the  willingness  to  look  at  it  from  that  perspective 
will  help  leaders  be  effective. 

What  impediments  do  you  expect  to  encounter  as 
these  changes  become  more  widespread? 

Sometimes  we  see  some  hesitance,  based  on  a  precon¬ 
ceived  notion  that  people  won’t  understand  how  you  got 
the  answer.  We  really  try  to  help  familiarize  people  so 
that  they  don’t  walk  away  from  a  solution  because  they’re 
afraid  they  won’t  understand  how  it  got  there.  It’s  impor¬ 
tant  for  folks  to  realize  that  while  sometimes  it  requires 
highly  skilled  talent  to  combine  analytical  techniques 
to  arrive  at  an  answer,  everyone  —  absolutely  everyone 
—  is  qualified  to  ask  questions.  Once  people  start  doing 
that,  they  start  to  lose  the  discomfort.  ■ 


NETINSIDER  BY  SCOTT  BRADNER  mmmmiimmmmmnmiimm 

WikiLeaks  is  not  the  actual  problem 


ANOTHER  DAY,  another  quarter  of  a  mil¬ 
lion  confidential  government  documents 
released  via  WikiLeaks. 

This  release  was  particularly  well  orchestrated,  with  the  first 
announcements  coming  a  week  or  so  ago.  As  if  to  increase  the  impact, 
multiple  governments  went  all  atwitter,  with  the  U.S.  government 
warning  of  dire  consequences  to  U.S.  diplomacy  and  the  U.K.  govern¬ 
ment  going  so  far  as  to  ask  the  U.K.  press  not  to  publish  the  material. 
As  the  articles  in  The  New  York  Times  and  the  other  newspapers  that  got 
an  advance  look  at  the  material  show,  there  is  plenty  of  news  in  this 
release.  But  the  underlying  story,  and  lesson,  concerns  the  protection, 
or  non-protection,  of  U.S.  government  documents. 

WikiLeaks  has  come  a  long  way,  at  least  in  mind  share,  in  the  almost 
four  years  since  I  last  wrote  about  it.  It  has  been  roundly  painted  as  an 
evildoer,  when,  in  fact,  it  can’t  publish  anything  it  has  not  been  given. 

WikiLeaks  has  been  on  quite  a  roll  of  late.  While  it  has  not  confined 
itself  to  leaked  U.S.  government  documents,  it  has  published  quite  a 
few  of  those  —  starting  with  a  Department  of  Defense  counterintel¬ 
ligence  analysis  of  WikiLeaks  itself.  The  publication  of  a  video  of  a  U.S. 
helicopter  attack  in  Baghdad  was  the  first  in  an  ongoing  series  of  large- 
scale  publications  of  U.S.  government  documents. 

In  July,  WikiLeaks  published  about  75,000  pages  of  documents 
about  the  Afghan  war,  followed  by  about  400,000  pages  about  the 
Iraq  war.  Just  before  Thanksgiving,  WikiLeaks  said  that  the  next 
release  would  be  seven  times  the  size  of  the  Iraq  war  release,  but  the 
Times  reports  that  the  initial  new  release  is  “only”  250,000  pages, 
meaning  that  there  are  about  2.5  million  pages  to  come. 


There  has  been  a  lot  of  press  speculation  that  all  of  the  documents, 
starting  with  the  helicopter  attack  video,  have  come  from  the  same 
source,  a  young  U.S.  Army  intelligence  analyst  who  has  been  arrested. 
If  that  is  the  case,  it  looks  like  access  to  vast  databases  of  secret  U.S.  gov¬ 
ernment  documents  was  rather  broadly  available  and  access  was  not 
reasonably  logged.  None  of  the  documents  released  to  date  have  been 
marked  top  secret,  so  maybe  the  database  had  some  level  of  data  segre¬ 
gation.  But  if  news  reports  are  accurate,  no  log  was  kept  of  access  to  the 
database  or,  if  such  a  log  exists,  it  was  not  regularly  reviewed,  since  sus¬ 
picion  was  directed  at  the  analyst  by  a  person  outside  the  U.S.  military. 

So,  it  looks  like  the  system  is  set  up  to  permit  low-level  people  wide 
access  to  millions  of  classified  documents  without  a  way  to  monitor  such 
access,  and  the  system  permitted  bulk  download  of  these  documents. 

What  would  you  think  if  your  software  development  team  had  put 
together  such  a  system  for  your  confidential  corporate  documents? 
There  are  lessons  to  be  learned  here,  not  just  by  the  U.S.  government. 

The  surprise  about  this  latest  series  of  leaks  is  not  that  it  happened, 
but  how  it  had  not  happened  long  before.  Actually,  maybe  it  has  —  not 
everyone  who  would  like  a  copy  of  such  information  would  be  inter¬ 
ested  in  publishing  it. 

Disclaimer:  I  know  of  no  Harvard  opinion  on  WikiLeaks,  or  on 
these  disclosures,  and  I  express  no  opinion  here  of  the  correctness  of 
WikiLeaks  publishing  such  documents.  But  the  opinion  on  document 
insecurity  is  mine.  B 

Bradner  is  Harvard  University's  technology  security  officer.  He  can  be 
reached  at  sob@sobco.com. 
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What  security  wrought  in  2010 


EVERY  YEAR,  I  try  to  predict  the  top  trends 
in  security  for  the  upcoming  year.  To  give 
myself  a  sense  of  accountability,  I  always 
look  back  at  how  well  those  predictions 
worked  out  and  either  abandon  them  or  double-down  for  the  next  year! 
It’s  time  to  test  my  security  predictions  for  2010: 

■  Security  funding  increases  by  more  than  10%  to  recover  from 
a  year  of  cuts.  Sadly,  I  was  wrong  —  most  companies  (60%)  saw  flat 
security  budgets  in  2010,  capping  a  three-year  trend  of  underfunding. 

■  Congress  creates  new  regulatory  compliance  mandates.  In 
the  wake  of  the  financial  meltdown,  I  expected  regulatory  compliance 
burdens  to  increase  in  2010.  While  HR  4173  (Dodd-Frank)  imposes 
new  regulations,  the  details  are  left  up  to  several  agencies,  some  newly 
created  and  yet  to  be  bootstrapped.  Right  now,  it’s  hard  to  tell  what  will 
come  of  those  regulations. 

■  Self-propagating  mobile  phone  worms  and  Trojans.  Internet- 
connected  smartphones  with  complex  and  sophisticated  software  can 
mean  only  one  thing:  self-propagating  viruses/worms.  IKee.B  is  a  true 
self-propagating  worm,  though  it  depends  on  a  vulnerable  SSH  server 
found  only  on  jailbroken  iPhones  (plus  it  was  released  late  in  2009).  I’ll 
call  this  a  miss,  but  I  will  repeat  it  for  2011.  It’s  only  a  matter  of  time. 

■  Cloud  computing  providers  introduce  encryption-at-rest  and 
other  security  capabilities  “as  a  service.”  I  was  really  hoping  this 
one  would  come  true,  partly  because  we  could  use  such  services  at 
Nemertes.  Unfortunately,  security  services  are  not  yet  a  priority  for 
IaaS  providers.  Security  continues  to  be  the  biggest  impediment  to 
IaaS  adoption.  I  will  also  repeat  this  prediction  for  2011. 


■  Desktop  virtualization  grows.  Citrix  and  VMware  have  both 
pushed  desktop  virtualization,  streaming  and  Type  1  hypervisors  very 
strongly  this  year.  I  will  call  this  a  win! 

■  The  FBI  issues  tens  of  thousands  of  security  letters  to  get 
records  on  individuals  without  warrants.  On  top  of  national  security 
letters  and  eavesdropping,  both  unchallenged  and  unreformed  by  the 
Obama  administration,  we  now  have  “don’t  touch  my  junk”  to  add  to 
the  epitaph  of  the  4th  amendment.  Maybe  I  should  predict  warrantless 
cavity  searches  for  2011?  At  least  there’s  one  area  where  bipartisanship 
rules:  Both  parties  think  our  privacy  is  not  worth  much  at  all. 

■  Real  ID  dies  a  deserved  death  and  is  abandoned.  It  appears  that 
with  Nevada  backtracking  on  implementation,  and  other  states  opting 
out,  Real  ID  is  truly  dead.  No  one  has  attempted  to  resurrect  it  in  this 
Congress,  so  perhaps  sanity  has  prevailed.  A  successful  prediction. 

My  last  prediction  was  sarcastic  in  nature.  I  said,  “The  Transporta¬ 
tion  Security  Administration  stops  wasting  billions  of  dollars  in  trav¬ 
eler  delays  by  confiscating  water  bottles  and  removing  shoes.  Instead  it 
focuses  on  real  threats  based  on  rational  risk  assessment,  not  security 
theater  based  on  movie  plots. ...  OK,  unlikely,  but  I  can  dream,  can’t  I?” 

That  dream  was  rudely  interrupted  when  it  “met  resistance”  dur¬ 
ing  an  “enhanced  patdown”  at  IAD  after  I  opted  out  of  unnecessary, 
melanoma-causing  radiation  exposure. 

Total  score:  3.5  out  of  7.  Let’s  hope  I  do  better  in  2011.  ■ 

Antonopoulos  is  a  senior  vice  president  and  founding  partner  at 
Nemertes  Research,  an  independent  technology  research  firm.  He 
can  be  reached  at  andreas@nemertes.com. 
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across  seven  sites,  but  with  the  urging  of  his 
CEO  —  an  open  source  fan  —  he  went  ahead 
with  the  project  anyway. 

The  software  itself  was  free,  but  network 
prep,  peripherals  and  a  tech  to  handle  the 
project  full-time  all  came  with  a  price  tag. 
Overall  the  savings  and  the  flexibility  to  add 
new  custom  capabilities  make  the  choice  seem 
obvious  in  retrospect,  says  Scott  McCrea,  CIO 
for  the  firm,  which  is  a  statewide  dealership 
for  Caterpillar  heavy  equipment 

“They  say  nobody  ever  got  fired  for  choos¬ 
ing  IBM  or  Cisco.  That  can  be  true  about 
choosing  Asterisk,”  he  says. 

McCrea  may  be  a  pioneer  by  choosing  the 
open-source  platform,  but  it’s  hard  to  say.  The 
down  economy  hit  PBX  sales  hard  —  down 
25%  in  2009  —  says  Matthias  Machowinski, 
an  analyst  with  Infonetics,  and  they  have  yet  to 
recover.  The  crunch  likely  pushed  more  busi¬ 
nesses  to  at  least  consider  free  alternatives. 

Measuring  the  number  of  CIOs  like 
McCrea  who  are  willing  to  download,  learn, 
deploy  and  support  the  open-source  PBX 
code  is  hard  because  the  only  number  tracked 
is  downloads.  They’ve  been  steadily  grow¬ 
ing,  according  to  Digium,  the  company  that 
oversees  the  free  version  of  Asterisk  and  sells 
enhanced,  supported  versions.  But  down¬ 
loading  the  software  doesn’t  mean  it  winds 
up  in  production  networks. 

A  controversial  report  last  year  estimated 
Asterisk  and  other  open-source  PBXs  held 
an  18%  marketshare  among  PBX  vendors  in 
North  America.  The  study  by  Eastern  Manage¬ 
ment  Group  projected  that  use  of  open-source 
PBX  software  would  grow  by  40%  this  year. 

Still  it’s  not  easy  to  make  the  leap  away  from 
communications  platforms  by  solid  vendors 
like  Avaya,  Cisco,  ShoreTel,  Siemens  that  have 
products  and  migration  plans  in  place  for  cus¬ 
tomers  to  transition  from  traditional  voice  to 
unified  communications  that  blends  in  video, 
chat,  e-mail,  conferencing  and  collaboration. 

McCrea  says  a  concern  was  whether  Aster¬ 
isk  could  scale  large  enough  to  meet  Michigan 
CAT’s  needs,  so  he  initially  bypassed  it  and 
spent  six  months  evaluating  IP  phone  systems 
from  Avaya  (the  company’s  incumbent  PBX 
vendor),  Cisco,  ShoreTel  and  Siemens. 

Estimates  for  them  came  in  at  $350,000 
to  $450,000  for  hardware,  software  and  net¬ 
work  upgrades.  In  January  McCrea’sCEOJer- 
rold  M.  Jung  pushed  him  to  take  another  look 
at  Asterisk.  The  company  was  already  devel¬ 
oping  an  ERP  system  based  on  open-source 
components,  and  he  thought  an  open-source 
IP  PBX  might  be  a  good  fit,  McCrea  says. 

Talking  to  other  Asterisk  users  convinced 


Using  Asterisk 
isn’t  a  slam  dunk 

When  Michigan  CAT  considered 
using  open  source  Asterisk 
software  for  its  PBXs,  CIO  Scott 
McCrea  had  to  weigh  the  advan¬ 
tages  against  the  possible  down¬ 
sides  of  straying  from  traditional, 
commercial  vendors.  Here  are 
some  factors  to  consider: 

Pros 

No  cost  for  the  software 

Lower  hardware  costs  (off- 
the-shelf  servers) 

More  features  than  end- 
of-life  legacy  PBXs 

No  service  contract 
Supports  SIP  trunking 

Cons 

No  service  contract,  requiring 
in-house  or  third-party  support 

Relies  on  open-source  community 
for  feature  development 

No  formal  upgrade  path  to 
unified  communications 

Might  not  scale  as  large  as  needed 


him  Asterisk  would  scale,  so  he  decided  to 
hire  John  Laffey  to  shepherd  it  through  and 
stay  on  to  expand  its  capabilities  over  time. 

Laffey  says  his  first  task  was  to  familiar¬ 
ize  himself  with  the  Avaya  system  and  how 
it  was  used  at  the  seven  Michigan  CAT  sites. 
He  spent  a  couple  of  months  learning  that  and 
the  interoperability  between  the  Avaya  sys¬ 
tem  and  Asterisk  so  he  could  plan  the  cutover, 
and  set  up  project  management  tools  to  help 
break  down  the  transition  into  tasks. 

He  also  worked  with  the  firm’s  network 
manager  to  identify  infrastructure  needs  to 
support  VoIP  as  the  old  TDM  phone  system 
was  shut  down.  That  required  upgrading 
to  power-over-Ethernet  switches  to  run  the 
Polycom  phones  the  company  bought  to  sup¬ 
port  Asterisk  as  well  as  an  IOS  upgrade  to 
Cisco  routers  to  support  a  voice  virtual  LAN 
and  quality  of  service. 

He  also  laid  in  HP  ProLiant  servers  provi¬ 
sioned  to  support  Asterisk,  as  well  as  PRI  and 
FSX  cards  to  connect  to  phones  and  the  old 
PBXs.  He  then  went  about  configuring  Aster¬ 
isk  to  emulate  features  of  the  Avaya  system 
that  were  essential  such  as  rou  ting  of  calls  by 
auto  attendants  and  setting  up  voicemail. 


In  purchasing  Session  Initiation  Protocol 
(SIP)  trunks  from  Sprint  to  replace  traditional 
AT&T  T-ls,  individual  lines  and  Centrex  ser¬ 
vices  that  made  up  the  old  phone  network, 
Michigan  CAT  discovered  bandwidth  was 
over-provisioned.  By  replacing  the  AT&T  con¬ 
nections  with  equivalent  sized  SIP  trunks,  the 
company  is  saving  40%  because  SIP  trunks 
cost  less. 

But  he  could  get  an  additional  5%  to  10% 
savings  once  the  links  are  sized  appropriately 
for  each  site,  McCrea  says.  Some  of  the  com¬ 
pany’s  phone  traffic  is  seasonal,  so  tuning  the 
SIP  trunk  contracts  to  allow  bursting  may 
further  savings,  he  says. 

Hardware  and  network  upgrades  for  the 
Asterisk  project  came  to  $150,000,  which 
includes  phones,  network  upgrades,  serv¬ 
ers,  trunk  cards  and  line  cards.  Even  with 
Laffey’s  salary  tacked  on,  McCrea  projects 
an  18-month  return  on  investment  based  on 
reduced  costs. 

Beyond  savings,  Asterisk  is  already  provid¬ 
ing  richer  features  than  the  aging  Avaya  sys¬ 
tem  it  replaced.  Call  records  are  more  detailed, 
making  it  possible  to  keep  track  of  how  many 
calls  go  unanswered  for  a  certain  period  and 
then  to  design  routing  schemes  to  distribute 
calls  to  different  sites  if  the  wait  is  too  long. 

That  monitoring  will  also  let  him  know  if 
a  site’s  phones  go  down,  and  he’s  arranged 
with  Sprint  to  automatically  switch  calls  to 
other  sites  when  they  do.  If  the  problem  is 
with  the  Asterisk  server,  the  company  has 
preconfigured  standbys  that  can  be  driven  to 
the  downed  site  to  get  it  back  online. 

This  is  a  step  up  from  the  old  system  where 
outages  generally  resulted  in  finger  pointing 
between  AT&T  and  Avaya  for  half  a  day. 

Receptionist  workstations  display  more 
information  about  calls  than  was  available 
via  Avaya  receptionist  consoles,  and  the  new 
system  distributes  visual  voicemail  as  e-mail 
notifications  with  audio  attachments. 

Down  the  road,  the  company  plans  to  inte¬ 
grate  the  phone  system  with  its  ERP  system. 
That  will  give  contact  center  agents  screen 
pops  of  customer  histories  as  calls  come  in  and 
enable  the  routing  of  calls  to  the  same  agents 
that  customers  talked  to  the  last  time,  he  says. 

CAT  distributorships  are  generally  family 
owned  and  the  IT  departments  in  different 
states  share  experiences,  McCrea  says,  includ¬ 
ing  knowledge  about  their  phone  systems. 
Most  of  his  peers  use  Cisco  phone  systems,  but 
he’s  looking  forward  to  showcasing  to  them 
what  he’s  done  with  Asterisk  in  Michigan. 

“When  I  told  them,  I  got  a  lot  of  cross¬ 
eyed  looks,”  he  says.  “We’ve  shown  you  can 
get  this  done  fairly  inexpensively  and  with¬ 
out  fear.”  ■ 
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Sorting  Tin  oimjIi  Rich  Internet  Apps. 

Find  out  what  you  need  to  know  about  Rich  Internet  Applications  (RIA)  in 
this  whitepaper  authored  by  Forrester  Research.  Key  questions  such  as 
what  is  the  acceptable  use  of  RIAs  by  other  companies  and  how 
aggressive  companies  using  RIAs,  are  addressed  here.  Download  this 
whitepaper  now. 
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IBM  ♦  Sun:  How  <1  iner  «ier  would  affect  IT 

By  Jon  Brodkm 

The  IT  industry  is  abuzz  with  the  rumor  that  IBM  is  going  to  purchase 
Sun  for  nearly  $7  billion,  first  reported  in  the  Wall  Street  Journal.  It's 
all  speculation  until  a  deal  is  confirmed,  but  the  combined  reach  of 
an  IBM/Sun  company  would  be  vast.  Here  are  nine  topics  to  consider. 
Read  full  stoiv 
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Chrome  will  accomplish.  Is  Chrome  merely  a  browser,  or  is  intended 
to  be  something  more  important? 
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TOOLS 

Snagging  YouTube  videos  and  the  Rasterbator 


f  you  want  to  download  video  from  You¬ 
Tube  there  are  several  potentially  good  tool 
choices.  I  say  “potentially”  because  all  the  tools 
I’ve  tried  seem  to  have  problems;  I  have  yet  to 
find  a  download  tool  that  works  flawlessly. 

I  just  got  a  press  release  for  a  download  util¬ 
ity  called  YouTubeGet  that  I  have  yet  to  test, 
but  I’m  writing  about  it  because  it’s  currently  on  a  free 
promotion  until  Dec.  10.  The  company  claims  it  has 


Mark  Gibbs’ Gearhead 


sold  100,000  copies  of  the  tool  for  $29.95  each. 

YouTubeGet,  which  works  with  Windows 
2000,  XP,  2003,  Vista,  and  7,  allows  you  to 
save  video  from  YouTube  and  convert  it  to 
MP3,  WMV,  AVI,  MOV,  3GP  and  other  com¬ 
mon  video  and  audio  formats.  Check  it  out 
and  let  me  know  what  you  think. 

While  we’re  talking  about  things  visual, 
have  you  ever  wanted  to  enlarge  an  image  to, 
say,  the  size  of  a  wall?  Should  this  be  a  hidden 
desire  of  yours,  there’s  a  problem:  The  image’s 
resolution  may  not  be  high  enough  to  allow  it 
to  look  good  when  it’s  hugely  enlarged. 

For  example,  if  an  image  is  1024  pixels 
wide  by  768  pixels  tall,  then  enlarged  to  5  feet 
high  it  would  be,  proportionately, 

6.67  feet  wide.  The  pixel  density 
would  then  be  just  12.8  pixels 
per  inch  (ppi)  which  is  coarse 
and,  of  course,  the  smaller  the 
original  image,  the  lower  the  ppi 
and  the  lower  the  quality  of  the 
final  result. 

If  you  printed  the  image  at  that 
resolution  you’d  just  have  big 
smears  of  color.  There  is,  how¬ 
ever,  a  better  way:  Rasterizing,  or 
rather,  re-rasterizing. 

This  isn’t  normal  rasteriza¬ 
tion,  which  takes  a  vector  image 
and  converts  it  to  a  grid  or  ras¬ 
ter  (from  the  Latin  ‘rastrum’ 
for  ‘rake’  derived  from  ‘radere’ 
which  means  ‘to  scrape’)  made 
up  of  spots  of  color.  No,  this  proc¬ 
ess  involves  scaling  a  small  ras¬ 
ter  to  make  a  bigger  raster  that 
looks  good. 


Enter  the  amusingly  named  Rasterbator, 
created  by  one  Matias  Arje  in  Helsinki,  Fin¬ 
land.  It  does  exactly  that  job. 

The  Rasterbator,  which  is  built  on  top  of 
.Net  Framework  1.1,  doesn’t  require  installa¬ 
tion  —  you  just  download  the  software,  unzip 
it,  and  run  it. 

You  select  a  source  image,  the  paper  size, 
the  paper  orientation,  the  size  of  the  raster- 
bated  poster  you  wish  to  create,  whether  to 
draw  a  cutout  line  around  rasterbated  area 
(for  printers  that  don’t  support  borderless 
printing),  the  dot  size  to  use,  the  color  mode, 
and  the  output  file  name. 

The  default  color  mode  is  black,  and  selecting 


that  or  any  single  color  will  result  in  the  soft¬ 
ware  outputting  different  sized  dots  according 
to  the  brightness  at  each  point  of  the  image. 

There’s  also  an  option  for  “Rasterbate  on  low 
priority”  so  that  the  software  doesn’t  suck  up 
all  of  your  machine’s  processing  power. 

Now  you  click  on  the  “Rasterbate!”  button 
and  voilal  The  Rasterbator  produces  a  ras¬ 
terized  image  that  you  can  print  out  using  a 
PDF  reader.  Then,  if  your  printer  doesn’t  do 
borderless  printing,  you  trim  off  the  margins 
and  stick  the  pages  on  the  wall. 

Just  think  of  what  you  could  do!  As  you 
turn  the  corner  into  the  data  center  you’re 
confronted  by  what  looks  like  the  entrance  to 
Hell.  Or  maybe  the  wall  at  the  end  of  a  corridor 
looks  like  it  has  a  hole  in  it,  and  you  can  see 
fields  and  hills  in  the  distance. 

If  you  produce  something  cool  with  the 
Rasterbator,  take  a  picture  (of  the  picture)  and 
send  it  to  me.  The  Rasterbator  gets  a  rating  of 
5  out  of  5!  ■ 

Gibbs  has  image  issues  in  Ventura, 

Calif.  Vector  your  thoughts  to  gearhead 
@gibbs.com. 


I  he  Rasterbator 


Rasterbator 


Define  output  size 

jiTo  ^  sheets 


Output  image  size: 
1.08  x  0.81  m 

Paper  consumption: 
5  x  3  =  15  sheets 


<  Back 


Contnue  > 


The  Rasterbator  can  enlarge 
an  image  to  wall  size  without 
making  it  look  smeared. 
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An  IDG  Enterprise  Event 


Navigate  the  Technology 
Landscape  in  One  Day. 

ALL  NEW  IN  2011! 

IT  Roadmap  is  the  one-day  technology  conference 
and  expo  that  comes  to  you,  designed  to  give  you  what 
you  need  to  navigate  the  road  ahead  and  let  IT  drive 
your  success.  You’ll  learn  best  practices  from  top  IT 
leaders,  gain  new  solutions  from  key  vendors,  and  hear 
expert  analysis  of  where  IT  is  headed.  It’s  a  premium 
opportunity  to  network  with  your  colleagues,  talk  directly 
to  successful  end-users,  and  to  consult  one-on-one 
with  technical  representatives  from  leading  hardware, 
software  and  service  IT  companies.  And  it's  coming  to  a 
city  near  you. 

With  an  all  new  agenda  for  2011,  IT  Roadmap  is  bringing 
you  more  of  the  critical  IT  trends,  challenges  and  solutions 
that  matter  most. 

Visit  www.itroadmap.net  for  more. 
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IT  Roadmap  returns  in  201 1  with 
a  whole  new  look  and  agenda. 


www.itroadmap.net 
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2011  sponsorship  opportunities 
available  for  IT  Roadmap! 

For  more  information  please  contact: 

Andrea  DAmato,  Vice  President 
&  Publisher,  Network  World, 
508-766-5455  oradamatoranww.com. 

Mike  McGoldrick,  Regional  Sales 
Director,  508-766-5459  or 
mmcgoldrickranww.com. 

Brian  Klunk,  Regional  Account  Manager, 
415-267-4514  or  bklunkranww.com. 
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mu  toolshed 


PARITY  BITS 


GADGETS 

Reach  out  and 
Tm  ichCam  someone 


Keith  Shaw’s 
Cool  Tools 

can  easily  attach  to  the  top  of  a 
notebook  screen  or  a  flat-panel 
monitor.  The  camera  and  USB 
cord  are  also  small  and  compact 
enough  to  pack  inside  your  travel 
bag  (but  be  careful  not  to  scratch 
the  lens,  since  the  camera  doesn’t 
come  with  a  travel  pouch). 

We  had  two  units  to  test,  and  when  both 
Nls  were  connected,  they  offered  a  great  video 
call  and  awesome  sound.  I  then  switched  to  a 
built-in  Webcam  on  a  notebook  (a  1.3  mega¬ 
pixel  camera),  and  both  the  sound  and  video 
quality  on  my  end  went  down.  On  the  upside, 
I  could  still  see  and  hear  the  caller  (who  was 
using  the  Nl)  just  fine.  Your  best  bet  would  be 
to  buy  two  cameras  and  give  one  to  the  person 
who  you  want  to  call  the  most. 


The  power  saved  and 
performance  gained, 
respectively,  run¬ 
ning  Windows  Server 
2008  R2  on  a  new 
Energy  Star  qualified 
server  compared 
to  Windows  Server 
2003  SP3  on  a 
3-year-old  server. 


SOURCE:  MICROSOFT 


the  keyboard  and  to  the  side  of  the  touchpad. 
And  because  of  the  way  it’s  designed,  it  feels 
like  you’re  using  a  pen,  not  a  mouse. 


THE 

SCOOP 


FV  TouchCam 
Nl 

by  FaceVision,  about  $120. 


►  What  it  is:  The  FV  TouchCam  Nl  is  a 
high-definition  Webcam  capable  of  support¬ 
ing  720p  resolution  for  video  calls  (not  just 
across  a  LAN,  but  over  the  Internet).  The 
camera  is  certified  by  Skype  for  its  HD  video 
calls,  and  includes  hardware  encoding  of 
the  H.264  protocol  (instead  of  relying  on 
the  PC’s  CPU).  Other  features  include  a 
78-degree  wide  angle  lens  and  dual  built-in 
microphones  for  better  sound  quality. 

►  Why  it’s  cool:  While  you  may  have  a 
Webcam  built  into  your  new  notebook,  it 
most  likely  doesn’t  offer  the  720p  support, 
the  dual  microphones  (you’ll  end  up  need¬ 
ing  to  use  headphones  for  good  call  quality), 
or  the  wide  angle  lens  that  the  Nl  offers.  If 
you  videoconference  a  lot  (or  if  you  want 
to  start  making  more  video  calls), 
the  Nl  offers  an  upgrade  from  the 
standard  built-in  Webcam. 

The  wide  angle  lens  is  very  nice  for 
video  calls  with  multiple  people,  so  they 
don’t  have  to  scrunch  next  to  one  another 
in  order  to  be  seen  on  the  video  screen.  The 
design  of  the  Nl  is  also  very  nice  —  the  brace 


►  Some  caveats:  The  camera  currently 
doesn’t  support  the  Skype  Mac  client  or 
iChat,  so  Mac  users  are  out  of  luck.  For  two- 
way  720p  calls,  both  users  need  broadband 
upload  and  download  speeds  of  at  least 
1.2Mbps.  Skype  users  also  need  to  upgrade 
to  Version  4.2  or  newer  before  installing  the 
cameras. 

►  Grade  ★★★★V  (out  of  five) 


THE 

SCOOP 


Swiftpoint 

Mouse 

by  Swiftpoint  Ltd.,  about  $70. 


►  What  it  is:  This  very  tiny  mouse  is 
designed  for  notebook  users  who  don’t 
want  to  carry  around  a  traditional  travel 
mouse,  and  those  who  can’t  stand  notebook 
touchpads.  The  Swiftpoint  r,~„. 
Mouse  is  small  enough  iralllllf 

that  you  can  use  it 


►  Why  it’s  cool:  The  extremely  small  size 
makes  it  perfect  for  mobile  workers  —  you 
can  leave  the  USB  receiver  in  the  slot  and 
it  won’t  break.  Moreover,  the  dongle  has 

a  magnetic  port  that  recharges  the  mouse 
when  it’s  not  being  used. 

►  Some  caveats:  The  design  of  the  mouse 
requires  you  to  change  some  of  your  mous¬ 
ing  habits.  For  example,  your  index  finger 
activates  both  the  left-click  and  right-click 
buttons  —  leaving  nothing  for  your  middle 
finger  to  do.  Scrolling  is  also  different  —  you 
need  to  tilt  the  mouse  to  the  right  and  then 
physically  roll  the  scroll  wheel  on  your 
mousepad  or  notebook  surface.  Using  this 
mouse  does  take  some  practice,  and  you 
could  experience  some  scrunching  pain  in 
your  fingers  if  you’re  not  careful.  I  would 
recommend  this  mouse  only  if  you’re  using 
it  with  a  notebook  and  have  limited  space  for 
mousing. 


►  Grade  ★★★y 


Shaw  can  be  reached  at 
kshaw@nww.com. 
Follow  him  on 
Twitter  at  http:// 
twitter.com/ 
shawkeith. 
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MARKETPLACE 


MAKE  LIFE  EASIER 


cablesys.com/nw 


cs@cablesys.com 


Patching  96-Ports,  Switches  to  Panels 

Option  1 :  Buy  96  patch  cords,  open  96  bags,  run  cables, ...untangle,  organize, 
bundle,  tie  wrap,  and  label  96  cords. 

Option  2:  Call  Cablesys,  we  ship  you  16  pre-bundled  and  pre-labeled  patch 
cords  wrapped  nice  and  neat.  Just  lay  the  bundles  and  you’re  done. 

You  name  it,  we  do  it  -  Fiber,  CAT5e,  CATS,  CAT6A,  multi-media,  POS 
terminals,  field  station  deployments  Less  work  and  save  money,  now  that’s 
life  made  easy.  Talk  to  one  of  our  dedicated  account  representatives  today. 


—  Pre-terminated  Bundled  Solutions 
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NETWORK-ATTACHED  STORAGE 

Best  NAS  boxes  for  less  than  $1,000 

Eight  desktop  devices  that  deliver  terabytes  of  shared  storage  and  more 


BY  JAMES  GASKIN 

Buffalo  shattered  the  $1,000  barrier  for  a  terabyte  of  shared 
storage  back  in  2005.  With  storage  prices  continuing  to 
drop,  that  same  $1,000  today  can  buy  a  4TB  or  even  5TB 
network- attached  storage  (NAS)  device  with  RAID  5  disk 
redundancy,  plus  additional  features,  such  as  backup  stor¬ 
age  licenses  and  indexing  capabilities. 

We  tested  eight  units,  each  suitable  for  workgroups  in  large  enter¬ 
prises  or  as  an  entry-level  server  for  small  businesses.  Our  test  group 
included  Buffalo  Technology  TeraStation  III,  Iomega  StorCenter,  Net- 
gear  ReadyNAS,  Western  Digital  ShareSpace,  Seagate  BlackArmor, 
LaCie  5big  Network  2,  Verbatim  PowerBay  and  the  QNAP  TS-459 
Pro  II.  We  tried  to  get  a  unit  from  Cisco,  but  its  NSS  300  Series  Smart 
Storage  units  are  undergoing  a  major  refresh,  and  won’t  be  available 
until  2011. 


All  of  the  units  support  Windows,  Apple, 
and  Linux  clients,  but  most  demand  a  Win¬ 
dows  PC  to  execute  the  initial  setup  and  con¬ 
figuration  software,  and  all  units  integrate 
with  Microsoft’s  Active  Directory.  Beyond 
basic  storage,  Buffalo  and  Iomega  offer  work¬ 
group  document  indexing  and  searching,  for 
free.  QNAP  leads  the  way  in  running  multiple 
applications,  many  of  which  require  the  included  MySQL.  Hosting  a 
database  and  applications  on  a  NAS  unit  has  not  been  possible  before. 
LaCie  is  by  far  the  most  stylish  device  and  it  offers  five,  1TB  disk  trays 
for  3.6TB  of  usable  space.  Seagate  was  the  only  device  to  offer  software 
to  support  a  bare  metal  restore  for  Windows  clients.  Netgear  was  the 
only  product  to  offer  a  five-year  warranty.  Western  Digital  delivered  the 
lowest  price  per  terabyte.  Verbatim  offers  the  ability  to  use  a  second  box 
as  a  real-time  replication  server. 


CLEAR 

CHOICE 

TESTi^ 


Western  Digital  ShareSpace 

The  Western  Digital  ShareSpace  wins  the 
low-price  award  for  offering  2.68TB  of 
usable  space  (after  disk  redundancy  and  sys¬ 
tem  overhead  on  the  4TB  maximum  size)  for 
hundreds  less  than  the  other  units.  The  dark 
silver  box  looks  like  a  home  theater  compo¬ 
nent,  and  includes  media  streaming  support. 

It  does  cut  a  few  corners  by  using  a  single  Eth¬ 
ernet  port  and  foregoing  an  information  dis¬ 
play,  but  bargain  hunters  will  love  this  box. 

The  Quick  Installation  Guide  does  a 
good  job,  although  it  hasn’t  been  updated  to 
included  Windows  7.  One  Gigabit  Ethernet 
port  joins  three  USB  2.0  ports;  two  are  on 
the  back  and  one  on  the  front.  When  a  USB 
hard  drive  is  attached  to  the  front  USB  port,  a 
push  of  the  file  transfer  button  just  above  the 
USB  connection  copies  data  from  the  external 
drive  to  the  NAS  system.  Western  Digital  sells 
a  large  number  of  USB  external  hard  disks,  so 
give  the  company  credit  for  making  it  easy  to 
upgrade  to  a  disk-redundant  shared  storage 
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Product 

name 

TeraStation  III  (4TB) 

StorCenter  (4TB) 

BlackArmor  NAS  (4TB) 

ReadyNAS  (2TB) 

Company 

Buffalo  Technology 

Iomega 

Seagate 

Netgear 

Cost 

$760 

$829 

$700 

$875 

Pros 

TeraSearch  indexing  app 
included;  software  backs  up 
Windows  servers,  Exchange, 
MS-SQL  databases. 

Best  information  screen, 
unlimited  backup 
software  licenses,  text 
search  for  stored  files. 

Bare-metal  restore  client 
software  included;  Wiki  server 
software  for  internal  use. 

Five-year  warranty;  device 
backup  via  rsync  and  secure 
rsync;  easy  install. 

Cons 

Weak  password  security; 
no  device  content 
backup  support. 

Weak  password  security. 

Power  brick. 

2TB  unit  as  expensive  as 
some  other  4TB  units. 
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Iomega  StorCenter  wins  points  for  its  information  display. 


system  from  a  USB  disk. 

All  important  features 
remain  even  with  the  low 
price.  Configured  with  RAID 
5  by  default,  the  box  also  sup¬ 
ports  levels  0  (striped)  and  1 
(mirrored  drives).  Microsoft 
Active  Directory  support  is 
included,  as  is  a  built-in  FTP 
server. 

Default  folders  on  the  Data- 
Volume  are  Configuration, 

Download  and  Public.  Creat¬ 
ing  users  is  a  snap  for  those  new  to  adminis¬ 
tration,  since  Western  Digital  includes  a  Basic 
and  Advanced  Mode  for  administration,  and 
the  icons  for  both  are  non-threatening.  Users 
get  their  own  private  folder  by  default,  and  the 
security  controls  for  managing  user  access  are 
as  complete  as  any  of  the  other  boxes.  The  user 
folders  are  again  placed  in  the  root  of  the  vol¬ 
ume,  but  only  users  authorized  to  see  a  folder 
can  see  it  in  the  directory  listing.  An  attached 
USB  hard  drive  can  be  managed  as  a  volume 
just  like  an  internal  volume. 

Not  quite  bare-bones,  the  Western  Digital 
ShareSpace  gives  quite  a  bit  of  storage  for  the 
buck.  It  may  be  priced  for  home  users,  but  it 
does  all  the  important  things  any  small  busi¬ 
ness  or  department  needs. 

Iomega  StorCenter 

A  little  smaller  than  average,  the  Iomega 
StorCenter  ix4-200d  unit  with  4TB  of 
storage  looks  a  bit  more  polished  than  the 
Buffalo  unit,  but  is  still  all  black.  This  unit 
also  has  two  Gigabit  Ethernet  ports  as  well 
as  three  USB  2.0  ports,  and  after  disk  redun¬ 
dancy  and  system  storage  overhead,  provides 
2.71TB  of  open  space.  Printers  and  external 
disks  can  be  attached  to  the  USB  ports. 

The  information  display,  about  the  size  of 
a  domino,  is  the  best  in  the  group.  White  let¬ 
ters  on  a  blue  background  show  time  of  day 
and  date,  the  IP  address  of  the  unit,  and  a 
bar  graph  of  available  storage.  Free  and  used 


totals  are  listed  in  text  above  the  bar  graph 
that  shows  at  a  glance  how  much  disk  space 
is  used  and  free.  Following  the  paper  Quick 
Start  Guide  was  simple,  and  the  installation 
CD  includes  both  the  administration  soft¬ 
ware  (Iomega  StorCenter)  and  EMC  Retro¬ 
spect  Express  backup  software  (both  PC  and 
Mac).  Unlimited  client  backup  licenses  are 
included,  which  is  unusual.  A  pitch  for  Mozy 
online  backup  is  enclosed,  since  EMC  owns 
both  Iomega  and  Mozy.  Iomega’s  QuickPro- 
tect  file  level  backup  software  is  also  on  the 
CD.  Time  Machine  server  for  Apple  client 
backup  is  pre-installed.  The  contents  of  the 
Iomega  unit  can  be  replicated  to  another  NAS 
or  USB  attached  hard  drive  via  one  touch  (to 
the  USB  drive)  or  rsync. 

The  default  shares  on  the  single  large  vol¬ 
ume  are  Public  and  Backup.  Private  user  fold¬ 
ers,  created  with  new  users,  appear  in  the  root 
of  the  folder,  but  only  the  user  in  question  can 
see  their  folder.  It  may  look  a  little  messy  with 
all  those  private  folders  to  the  administrator, 
but  users  won’t  see  that.  RAID  5  and 
RAID  10  are  supported,  as  is  JBOD 
(Just  a  Bunch  of  Disks),  giving 
maximum  storage  space  but 
no  protection  against 
drive  failure. 

Security  must  be 
enabled  before  adding 
users,  which  makes 
sense.  Creating  a  user 
is  a  two-click  process 


(and  typing  the  name  and  password),  and 
the  second  step  offers  a  chance  to  let  other 
users  access  the  private  folders  of  the  new 
user  with  an  easy  radio  button  interface. 
Default  access  is  None,  but  Read  and  Read/ 
Write  security  options  are  available.  Speak¬ 
ing  of  security,  Iomega  suggests  using  at 
least  eight  characters  for  user  passwords, 
but  no  such  restrictions  are  enforced. 

Administrators  will  appreciate  Iomega’s 
admin  utility  with  friendly  icons  and  help 
only  a  click  away.  The  Dashboard  button 
opens  a  page  showing  a  pie  chart  of  used  and 
open  disk  space,  and  hardware  details.  Unfor¬ 
tunately,  there’s  room  for  only  a  single  e-mail 
address  for  notifications.  Storage  quotas  are 
assigned  per  folder,  not  username,  but  restrict¬ 
ing  a  user’s  private  folder  gets  the  job  done. 

Iomega  also  supports  media  services  with 
a  screen  to  manage  Torrent  downloads  and 
support  for  photo  dumping  from  cameras 
(PTP  or  Picture  Transfer  Protocol),  DLNA  AV 
Media  Center  and  iTunes  streaming  (aimed 
at  home  users  primarily).  Video  surveillance 
support  includes  the  ability  to  connect  up  to 
five  Axis  network  security  cameras  and  use 
the  Iomega  box  to  store  video  without  need¬ 
ing  a  PC  in  the  loop.  The  box  is  also  VMware 
certified  as  a  storage  unit. 

The  search  function  in  the  Iomega  box  has  a 
nicer  front  end  than  Buffalo’s,  and  works  just 
as  quickly  and  accurately.  Users  of  the  search 
utility  see  the  administration  utility  interface, 
stripped  down  to  display  only  Search,  Access 
Shared  Storage  (that  the  user  has  rights  to), 
and  Manage  Torrent  Downloads.  One  click, 
and  users  can  quickly  search 
indexed  contents. 

Buffalo 
TeraStation  III 

he  TeraStation  III  that 
we  tested  is  a  black  metal 
box  slightly  larger  than  aver¬ 
age  for  the  units  tested  (but 
not  bigger  than  most  two-slice 
toasters),  featuring  two  Gigabit 
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ShareSpace  (4TB) 

5big  Network  2  (5GB) 

TS-459  Pro  ii  (2TB) 

PowerBay  NAS  array  (4TB) 

Western  Digital 

LaCie  USA 

QNAP  Systems 

Verbatim 

$500 

$849 

$899  without  drives; 
resellers  set  loaded  price 

$825 

Low  price. 

Stylish  design,  most  usable  space, 
ports  for  eSATA  external  drives. 

Best  admin  utility,  above  average 
password  security,  Web  server 
and  app  software  included. 

System  content  backup  via 
rsync  over  Ethernet  link,  can 
configure  to  trigger  e-mail  alerts 
for  various  types  of  events. 

Only  1  Ethernet  port,  no 
information  screen. 

System  contents  backup  only  to 
attached  USB  or  eSATA  drives. 

One-year  warranty. 

Weak  security,  no  default 
disk  access  for  new  users, 
no  information  screen. 
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Ethernet  ports  and  three  USB  2.0  ports.  The 
information  display  screen,  two  lines  of  16 
characters  each,  rotates  between  showing  the 
time  and  date,  unit  IP  address  for  both  Ether¬ 
net  ports,  link  speed,  and  the  number  of  disks 
active.  There  was  2.88TB  of  available  space 
on  the  system  after  RAID  5  and  included  soft¬ 
ware  overhead. 

Initial  startup  and  configuration  was 
straightforward  as  we  followed  the  Quick 
Start  pamphlet  and  also  the  full  manual 
on  the  included  CD.  The  box,  configured 
as  a  Dynamic  Host  Configuration  Protocol 
(DHCP)  client,  picked  up  an  open  IP  address 
immediately.  Most  companies  like  to  assign 
a  static  IP  address  to  their  storage  units,  and 
that  option  appears  during  the  initial  setup. 
After  a  reboot,  all  the  configuration  changes 
were  in  place  and  the  unit  was  fully  visible  on 
the  network. 

Besides  the  device  locator  and  adminis¬ 
tration  software  on  the  CD,  Buffalo  includes 
10  licenses  of  NovaBackup  Business  Essen¬ 
tials  Backup  software.  Unlike  most  backup 
software  included  with  equivalent  devices, 
NovaBackup  works  with  Microsoft  Windows 
servers,  Windows  Exchange  and  MS-SQL 
databases.  Your  existing  backup  software  will 
work  with  the  TeraStation,  of  course,  if  you 
redirect  the  storage  location  on  the  clients  to 
a  folder  on  the  NAS. 

A  single  volume  named  Arrayl  contained 
all  the  storage  space  in  the  TeraStation.  Two 
folders,  Info  and  Share,  were  created  by 
default.  Share  is  open  to  everyone,  while  Info 
is  read-only  and  includes  a  copy  of  the  manual 
in  both  English  and  Japanese.  Access  to  fold¬ 
ers  can  be  set  at  the  folder  level,  or  by  restrict¬ 
ing  individual  users  or  groups.  You  can  set 
storage  quotas  on  users.  RAID  levels  0, 1,  5 
and  10  are  supported. 

Creating  users  is  a  simple  two-step  process: 
name  the  user  and  assign  a  password,  then 
type  the  password  again  for  verification.  No 
security  best  practices,  such  as  a  minimum 
password  length,  are  enforced.  A  text  field 
asks  for  User  ID,  which  may  confuse  some, 
but  the  system  will  assign  a  number  between 
1000  to  1999  in  order  of  user  creation.  If  you 
want  to  assign  your  own  numbers,  you  may 
do  so.  Users  are  automatically  included  in  the 
default  group  “hdusers,”  which  is  handy,  and 
a  step  many  others  forego,  requiring  an  extra 
step  to  gain  the  advantages  of  grouping  users 
for  easier  administration. 

An  unexpected  but  quite  nice  feature  is 
TeraSearch,  which  indexes  and  searches  files 
stored  on  the  unit.  You  must  enable  searching 
for  each  folder  individually  (but  sub-folders 
are  included),  and  update  indexes  manually  or 
set  a  time  for  regular  indexing.  The  software 
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ReadyNAS 
features  above- 
average  security. 


is  Web-based  and  you  find 
the  application  by  put¬ 
ting  the  unit’s  IP  address 
in  the  URL  along  with  a 
port  address.  Once  con¬ 
figured,  the  indexing  soft¬ 
ware  worked  quickly  and 
proved  quite  handy. 

Other  goodies  include 
a  DLNA  (Digital  Liv¬ 
ing  Network  Alliance) 

MediaServer,  basic  print 
server,  BitTorrent  server. 

Time  Machine  support  for 
Apple  client  backup,  FTP 
server,  and  Virus  Scan¬ 
ning.  You  can  encrypt  the 
disk  with  128-bit  AES  encryption,  but  only 
when  reformatting  the  drive  array. 

E-mail  notification  support  is  better  than 
average,  with  room  for  five  addresses,  and  a 
check  list  of  events  that  will  trigger  e-mails. 
When  the  system  is  shut  down  properly,  an 
e-mail  goes  out,  a  nice  touch  if  you  manage 
remote  units. 


Netgear  ReadyNAS 

Smaller  than  the  average  box  in  this  group, 
the  Netgear  ReadyNAS  has  an  informa¬ 
tion  screen  that  shows  two  lines  of  16  charac¬ 
ters  reporting  the  IP  address  and  the  free  disk 
space  on  the  unit.  There  are  two  Gigabit  Ether¬ 
net  ports  and  three  USB  2.0  ports  for  external 
disks  and/or  printers.  It’s  the  only  box  with  a 
handle  so  if  you  need  a  couple  of  terabytes  to 
carry  around,  this  will  do  the  trick.  And  we 
say  “a  couple”  because  the  unit  included  four 
500GB  disks  for  2TB  of  maximum  storage, 
yielding  1.3TB  after  the  bytes  used  for  disk 
redundancy  and  system  files  are  subtracted. 
10GB  is  reserved  for  snapshots.  Most  other 
units  include  4TB,  but  the  Netgear  price  for 
4TB  breaks  our  $1,000  ceiling. 

Netgear  includes  an  excellent  Installa¬ 
tion  Guide  pamphlet  that  should  help  the 
most  hesitant  administrator  through  setup 
and  configuration.  When  started,  the  unit 
grabbed  an  IP  address  from  the  DHCP  server, 
then  suggested  we  reserve  that  address  on  the 
router/DHCP  server.  It  would  be  more  helpful 
if  they  offered  the  static  IP  screen  at  that  point 
and  included  instructions  for  choosing  and 
setting  a  static  address.  Network  Time  Proto¬ 
col  servers  offered  by  default  are  from  Netgear, 
not  an  NTP  pool  like  on  most  other  units. 

Setup  forced  us,  as  the  administrator,  to  set 
a  new  password.  Unlike  the  other  boxes,  this 
one  offered  a  password  hint  and  a  space  for 
an  e-mail  address  to  send  that  hint  to  in  case 
you  forget.  There  is  room  for  three  e-mail 


addresses  to  receive  alert 
notifications. 

By  default,  the  box  set 
up  a  “netgear”  workgroup 
for  simple  Windows  file 
sharing.  We  prefer  to  use 
the  Microsoft  default  of 
“workgroup”  but  it  was 
an  easy  change.  Shared 
folders  Backup  and  Media 
are  created  by  default.  The 
Media  folder  could  be  a  busy  one, 
since  Netgear  markets  this  family 
of  storage  products  to  home  and  home  office 
users.  Support  for  ReadyDLNA,  iTunes,  and 
SqueezeCenter  for  SqueezeBox  devices  is 
included. 

No  client  backup  software  is  included,  but 
the  NAS  unit  functions  quite  well  as  the  des¬ 
tination  for  your  existing  client  backup  soft¬ 
ware.  Backups  of  the  NAS  unit  contents  are 
done  via  snapshots  to  transfer  to  other  loca¬ 
tions,  using  rsync  and  secure  rsync. 

Although  there  is  no  Public  or  Document 
folder  for  everyone  to  share  created  by  default, 
adding  one  is  a  matter  of  a  few  clicks.  Each 
user  automatically  gets  his  own  private  folder 
when  assigned  a  password,  and  you  can  add 
recycle  bins  in  the  home  folders  for  each 
user.  You  can  also  import  users 
as  a  group  with  the  properly 
formatted  file.  Each  user 
and  group  can  have 
a  storage  quote 
attached. 


Beyond  the  excellent  Installation  Guide,  the 
administrative  screens  and  processes  look 
fairly  austere  and  aren’t  as  intuitive  as  the 
first  two  units.  Once  configured,  few  changes 
are  necessary  on  storage  units  like  this,  so  this 
would  be  an  issue  that  arises  rarely. 

RAID  levels  0, 1,  and  5  are  supported.  This 
box  also  supports  VMware  storage  connec¬ 
tions.  Unlike  other  units,  the  Netgear  Ready- 
NAS  comes  with  a  five-year  warranty. 


Verbatim  PowerBay 

If  you  think  of  Verbatim  only  for  the  3.5-inch 
floppies  stuck  in  drawers  here  and  there, 
you’re  just  as  behind  the  times  as  we  were.  The 
company  still  makes  plenty  of  blank  media, 
from  floppy  to  Blu-ray  disks,  but  it  also  makes 
a  wide  range  of  USB  and  FireWire  desktop 
drives,  and  the  PowerBay  NAS  Array  in  size 
ranging  from  2TB  to  8TB.  The  Verbatim  4TB 
unit  we  tested  delivered  2.95TB. 

A  black  metal  box  about  average  size  in 
the  group,  the  Verbatim  unit  has  two  Gigabit 
Ethernet  ports  (one  for  the  network,  and  one 
for  clustering  with  another  PowerBay  unit  for 
real-time  data  repli¬ 


cation).  Two  USB  2.0 
ports  are  available 
for  external  drives  or 
printers. 


Power  Bay  sports  an 
eSATA  connector  for 
adding  more  storage 
or  backup. 


There’s  also  an  eSATA  connector  for  adding 
more  storage  capacity  or  backup. 

Such  a  rarity:  a  real  paper  manual  is 
included.  The  electronic  version  is  on  the 
enclosed  CD,  as  is  Acronis  Backup  software, 
with  five  licenses. 

Some  installation  details  can  be  accom¬ 
plished  through  the  MagicalFinder  utility 
that  locates  the  drive  on  the  network  (espe¬ 
cially  useful  with  new  installations  that  rely 
on  a  DHCP  server  to  provide  the  box  address). 
You  can  set  the  IP  address,  change  the  default 
name  (PowerBay)  and  set  the  workgroup.  It 
also  shows  the  IP 
address  of  the  PC 
running  the  util¬ 
ity,  which  is  a  nice 
touch. 

Oddly,  the  sys¬ 
tem  doesn’t  demand 
an  administrator 
password,  which  is 
somewhat  lax  even 
in  the  world  of  NAS 
system  security.  When 
we  did  change  the  pass¬ 
word  from  the  default,  the  only  enforcement 
of  good  password  rules  was  the  need  for 
between  five  to  20  characters. 

Creating  users  is  as  simple  as  supplying  the 
name,  password,  and  group  (or  don’t  put  the 
user  in  a  group).  Once  created,  however,  the 
user  will  have  a  real  shock:  he  won’t  be  able  to 
access  any  shared  storage  on  the  box. 

For  some  bizarre  reason,  the  default  vol¬ 
ume,  Volume_l,  doesn’t  allow  access  by  users 
until  they  are  specifically  configured  with 
access  rights.  This  is  the  only  unit  that  makes 
such  a  mess  of  default  disk  access.  Once  you 
fix  this  poor  configuration  choice  by  Verbatim, 
all  is  well. 

One  button  on  the  front  of  the  unit  down¬ 
loads  data  on  any  USB  hard  drive  attached  to 
the  front  USB  port.  USB  ports  and  the  eSATA 
port  can  be  used  to  back  up  the  box’s  data  to  an 
external  hard  disk.  But  Verbatim  does  a  good 
thing,  and  uses  the  second  Gigabit  Ethernet 
port  to  connect  to  a  second  PowerBay  to  act 
as  a  real  time  replication  server  for  your  data. 
If  you  prefer  your  backups  be  further  away, 
rsync  is  provided. 

E-mail  alerts  can  be  sent  to  four  addresses, 
which  is  nice.  Even  better  is  the  checkboxes 
offered  to  define  what  merits  an  alert.  Admin¬ 
istrator  password  change?  Check.  Get  hotter 
than  145  degrees  F?  Check.  Those  and  five 
more  events  can  be  easily  configured. 

It’s  a  shame  Verbatim  made  the  default  vol¬ 
ume  out  of  reach  when  setting  up  the  system 
right  out  of  the  box.  Outside  of  that  big  error, 
everything  else  works  great. 


Seagate  BlackArmor 

With  a  name  like  BlackArmor,  one  expects 
a  no-nonsense  device,  and  the  Seagate 
box  certainly  delivers.  The  black  metal  case, 
slightly  larger  than  average,  has  an  overhang 
on  the  front  that  reminds  us  of  the  lip  of  a 
helmet.  Yet  to  cover  all  bases,  this  box  also 
includes  a  media  server  and  iTunes  support. 

Two  Gigabit  Ethernet  ports  are  balanced  by 
four  USB  2.0  plugs,  one  on  the  front  and  three 
on  the  back.  Seagate  includes  10  licenses  of  its 
BlackArmor  Backup  software  for  Windows  cli¬ 
ents,  as  well  as  SafetyDrill+  software  to  support 
Bare  Metal  Restore  for  Windows  clients, 
the  only  unit  to  offer  such  a  feature.  Time 
Machine  support  wasn’t  included  on 
the  unit  we  tested,  but  a  firm¬ 
ware  upgrade  will  add 
that  feature,  along  with 
VMware  certification. 
While  only  two  lines 
with  16  characters  each, 
the  information  display 
screen  offers  nine  head¬ 
ings  to  drill  down  using 
the  up  and  down  buttons 
beside  the  display.  Typical 
information  such  as  data  and 
time,  IP  address  and  device 
name  are  expected,  but  many 
system  details  such  as  temperature  and  fan 
status  are  also  included. 

RAID  levels  supported  run  the  gamut  from 
0, 1, 5  and  10,  as  well  as  JBOD.  After  data  redun¬ 
dancy  and  storage  overhead,  2.7TB  of  the  4TB 
maximum  storage  was  available.  There’s  a 
recycle  bin  for  each  shared  folder,  but  recov¬ 
ering  files  is  done  through  the  administration 
utility.  A  basic  print  server  is  included. 

The  administration  utility  is  complete  and 
business-like.  Menu  items  are  listed  across 
the  top,  with  submenu  options  stacked  on  the 
left  side.  Clicking  the  Help  button  opens  a  new 
browser  window  with  the  entire  manual  avail¬ 
able,  but  the  displayed  page  is  context  sensitive 
to  the  utility  screen  contents. 

There  are  five  spaces  for  e-mail  notifications, 
which  is  nice.  Like  the  Buffalo  TeraStation,  the 
Seagate  system  sent  a  notice  when  shut  down. 
There  are  no  options  for  when  or  why  to  send 
other  e-mail  notifications,  however.  Prepare  to 
be  surprised. 

When  creating  users,  the  Seagate  unit  gives 
an  option  of  whether  to  create  a  private  user 
share.  If  the  answer  is  yes,  a  drop-down  list 
shows  which  volumes  are  available  to  host 
that  share,  a  nice  touch.  The  default  volume 
is  named  DataVolume.  There’s  an  option  to 
encrypt  user  shares.  Quotas  are  set  by  user 
on  each  volume,  allowing  you  to  restrict  a 
user’s  storage  capacity  on  one  volume  but 
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not  another. 

One  interesting  feature  is  a  hosted  wiki  on 
the  unit.  Enabling  DokuWiki  gives  users  a 
chance  to  create  documentation  or  store  pub¬ 
lic  information  in  an  easy  format  for  everyone 
to  see  and  edit. 


LaCie  5big 

LaCie  has  been  a  major  player  in  the  Apple 
storage  market  for  years,  and  its  box 
shows  a  design  aesthetic  far  more  Apple 
than  Microsoft.  The  largest  unit  in  the  tested 
group,  the  LaCie  is  a  dark  silver  color  with  a 
golf-ball-sized  blue  light  recessed  into  the  box. 
The  Quick  Install  Guide  names  the  designer 
(Neil  Poulton)  just  under  the  name  of  the  unit, 
meaning  design  is  far  more  important  than 
for  any  of  the  other  units.  The  fact  this  looks 
like  modern  art  rather  than  disk  storage  testi¬ 
fies  to  its  success. 

The  five  disk  trays  each  hold  a  1TB  disk 
drive.  Five  disks  and  five  drives  mean  the 
usable  space  is  3.6TB  (out  of  5TB),  a  big  bump 
over  the  other  units  with  only  four  disks.  With 
larger  disks,  the  unit  can  hold  7.5TB  or  10TB, 
and  it  supports  RAID  levels  0, 5, 5+  and  6  (two 
drives  can  die  and  the  data  remains  safe).  Just 
like  with  Apple,  the  manual  and  included 
software  comes  on  a  DVD,  not  a  CD. 

Two  Gigabit  Ethernet  ports  are  on  the  back, 
as  are  two  USB  2.0  ports.  Unlike  the  previ¬ 
ous  models  discussed,  two  eSATA  ports  are 
also  on  the  back,  allowing  you  to  plug  high- 
performance  SATA 
drives  directly  to 
the  box  for  better 
throughput  than  the 
USB  ports.  Unfor¬ 
tunately,  the  eSATA 
performance  is  your 
best  bet  for  backing 
up  the  unit  contents, 
since  there’s  no  NAS- 
to-NAS  option. 

Genie  Backup  Man¬ 
ager  Pro  8  (for  Windows 
clients)  and  Intego  Backup  Manager  Pro  8  (for 
Macs)  are  included,  but  only  three  licenses 
each.  As  we  expected,  Time  Machine  is  pro¬ 
vided  for  Apple  clients  as  well. 

The  two  default  shared  folders  are  Public 
and  Share,  but  only  Public  is  open  to  everyone. 
Users  must  be  allowed  access  to  Share. 

Creating  users  is  straightforward,  and 
each  field  pops  up  helpful  information  as  you 
mouse  over  it.  Private  folders  are  not  created 
with  the  users.  Quotas  are  set  by  shared  folder, 
not  user  name.  When  you  create  a  folder  for  a 
user,  you  must  then  go  to  the  Shares  screen  to 
allow  that  user  access  to  that  folder.  There  is 


no  way  to  import  a  list  of  users 
at  once,  but  LaCie  does  integrate 
into  Microsoft’s  Active  Directory, 
like  every  other  box  in  this  test. 

Apple  fans  will  love  the  LaCie 
box.  Those  watching  their  pen¬ 
nies  will  love  the  added  extra 
storage  for  the  same  cost  as 
many  of  the  competitors.  The 
Western  Digital  unit  may  be  the 
least  expensive  per  usable  tera¬ 
byte  based  on  retail  price  ($231), 
but  the  LaCie  is  darn  close  at 
$236  per  usable  TB. 


QNAPTS-459  Pro  II 

This  average-sized  box  has  a 
black  front  with  a  gray  metal 
body.  Design  goals  were  functional,  not  fancy, 
with  the  four  drives  right  in  the  front,  and  an 
information  display  of  two  lines  of  16  char¬ 
acters  offering  the  IP  address.  When  the  top 
control  button  beside  the  display  is  held  down 
for  two  seconds,  the  Main  Menu  appears, 
allowing  quite  a  bit  of  configuration  functions 
without  touching  a  computer  or  administra¬ 
tive  utility.  We  tested  with  four  700GB  drives, 
which  delivered  2.06TB  of  available  storage. 

Two  Gigabit  Ethernet  ports  on  the  back  are 
balanced  by  four  USB  2.0  ports  and  two  eSATA 
ports.  A  fifth  USB  2.0  port  on  the  front  is  just 
below  a  “Copy”  button  to  trigger  data  imports 
and  exports.  Printers  or  external  disks  can  be 
connected  to  the  USB  ports,  while  the  eSATA 
plugs  only  support  storage  devices. 
RAID  levels  1, 5  and  6  are  supported. 

The  Quick  Installation  Guide  is  a 
folded  piece  of  poster-sized  paper  with 
English  and  17  other  languages.  Initial 
setup  is  straightforward,  but  the  admin¬ 
istrative  utility  is  surprisingly  attractive 
in  a  fun  icon  way,  with  easy  navigation. 
This  may  be  the  best  looking  admin  util¬ 
ity  of  the  bunch.  One  oddity  is  to  make 
the  default  workgroup  name  NAS  rather 
than  workgroup.  Users  can  be  added  in 
bunches,  Active  Directory  is  supported,  and 
disk  quotas  are  set  by  user. 

NetBak  Replicator  software  is  included 
for  clients,  along  with  10  licenses.  Data  on 
the  QNAP  device  can  be  replicated  via  rsync 
or  up  to  Amazon  S3  storage  services,  the 
behind-the-scenes  storage  destination  of 
many  backup  providers.  Time  Machine  can 
be  enabled  for  Apple  clients. 

There  is  space  for  only  two  e-mail 
addresses  for  alert  notifications,  but  you  can 
configure  SMS  texting  alerts  as  well.  Between 
two  e-mail  and  two  text  notifications,  alerts 
should  be  noticed. 
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At  first,  user  password  security  seems  no 
better  than  the  rest  of  the  boxes,  with  a  new 
user’s  password  suggested  to  be  at  least  six 
characters,  but  not  enforced.  Digging  deeper, 
however,  brought  us  to  a  screen  where  pass¬ 
word  rigor  for  users  can  be  upped  consider¬ 
ably.  You  can  force  users  to  use  three  types 
of  characters  in  a  password  (choosing  from 
lower  or  upper  case  letters,  numbers  and 
symbols),  stop  them  from  repeating  charac¬ 
ters  more  than  three  times  in  a  row,  and  block 
them  from  making  their  password  the  same 
as  their  username,  or  their  username  typed 
backwards. 

QNAP  features  the  stoutest  user  security 
of  the  group,  and  easily  enforced  across  the 
board  from  one  configuration  checkbox.  In 
addition  to  the  password  rules,  ranges  of  IP 
addresses  can  be  blocked,  or  set  so  only  clients 
within  that  range  can  connect  to  the  unit. 

Blurring  the  lines  between  a  NAS  unit 
acting  as  a  file  server,  and  a  full  application 
server,  QNAP  adds  in  the  Apache  Web  server, 
MySQL  server,  Surveillance  Station,  iTunes 
server  and  download  station.  Plug-ins  for  the 
Web  server  can  be  downloaded  from  QPKG, 
provided  by  QNAP.  Two  dozen  plug-ins  are 
available,  ranging  from  SqueezeBox  Server  to 
the  WordPress  blogging  platform  to  the  vtiger 
CRM  to  the  Joombla  content  management  sys¬ 
tem  and  more. 

Whether  running  a  dozen  applications 
on  a  NAS  box  is  a  good  idea  or  not,  having 
the  option  to  add  one  or  two  centralized  pro¬ 
grams  without  a  Windows  server,  such  as  the 
Asterisk  Internet  phone  system  software  or 
the  XDove  e-mail  servers,  on  an  inexpensive 
server  platform  could  be  quite  handy.  ■ 

Gaskin  writes  books,  articles  and  jokes  about 
technology  from  his  home-office  lab  in  the  Dal¬ 
las  area.  Contact  him  at  james@gaskin.com. 
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NETWORK  MONITORING 


What’s  in  your  network? 

IPsonar  makes  quick  work  of  documenting  the  nooks  and  crannies  of  enterprise  nets 


BYBARRYNANCE 

Documenting  your  network  may 
sound  like  a  mundane  task, 
but  it’s  vitally  important  for  IT 
managers  to  keep  their  network 
documentation  up  to  date  for  a 
number  of  reasons. 

Troubleshooters  will  thank  you  when  the 
documentation  helps  them  understand  the 
scope  and  breadth  of  a  problem.  Capacity 
planners  will  thank  you  because  they’ll  have 
firm  ground  to  stand  on  when  they  gauge 
usage  trends  and  make  recommendations. 
Budget  people  will  thank  you  for  finally 
giving  them  an  accurate  rendering  of  the 
network.  And  the  CIO  will  thank  you  (and 
maybe  give  you  a  raise)  for  providing  a  clear 
picture  of  your  company’s  network. 

We  tested  IPsonar,  a  network  documen¬ 
tation  tool  that  Lumeta  delivered  to  our  lab 
pre-installed  on  an  HP  EliteBook  computer 
running  FreeBSD. 

IPsonar  is  a  great  concept,  and  using  it 
to  document  the  labyrinths  of  a  network 
is  certainly  far  easier  than  documenting 
by  hand.  However,  we  found  that  IPsonar 
could  use  some  interface  improvements,  a 
few  new  reports  and  slightly  smarter  device 
recognition. 

IPsonar  distinguishes  between  differ¬ 
ent  types  of  scans  —  network,  host,  service, 
device  and  leak  —  and  you  can  perform  mul¬ 
tiple  types  in  a  single  run.  A  network  scan 
reveals  topology  and  generates  network 
maps.  A  host  scan  probes  open  ports  to  locate 
Web  servers,  database  servers  and  so  forth.  A 
service  scan  identifies  specific  services  (such 
as  FTP,  NNTP)  running  on  network  nodes. 
A  device  scan  inventories  all  the  network’s 
nodes,  querying  for  device  type  and  function 
along  the  way.  If  you  strategically  pepper 
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Product 

IPsonar  5.0 
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Pricing 
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server  is  $50,000,  scan 
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CLEAR 


your  network  with  Lumeta  Leak  Sensors,  a 
leak  scan  finds  unauthorized  Internet  con¬ 
nection  points. 

IPsonar  accurately  detected  all  of  the 
devices  and  links  that  we  exposed  it  to  on  a 
variety  of  networks.  For  managed  (SNMP- 
aware)  devices  for  which  we  specified  good 
community  strings,  it  correctly  identified 
the  purpose,  type,  manufacturer  and  other 
details  of  each  of  those  devices. 

However,  IPsonar  struggled  with  unman¬ 
aged  devices.  For  example,  IPsonar  char¬ 
acterized  a  Motorola  2210  DSL  router  as 
a  “host”  because  the  DSL  router  had  a  Web 
server  (Port  80)  interface.  IPsonar  even 
declared  the  DSL  router’s  operating  system 
was  either  NetBSD  or  OpenBSD  1.6.  IPsonar 
should  have  noticed  that  the  IP  addresses  on 
either  side  of  the  DSL  router  were  different 
enough  to  call  it  a  router,  not  a  host. 

In  the  same  vein,  IPsonar  noted  a  device 
was  manufactured  by  Cisco,  was  running 
the  IOS  11.2  operating  system  and  was 
bounded  by  dissimilar  IP  addresses,  but, 
because  we  used  an  incorrect  community 
string,  IPsonar  failed  to  identify  the  type  of 
device  (it  was  a  router,  of  course).  IPsonar 
also  misidentified  a  3Com  OfficeConnect 
802.11g  access  point. 

We’d  like  to  see  IPsonar  use  smart  heuris¬ 
tics  to  help  document  unmanaged  devices. 
It  might  deductively  use,  for  instance,  the 
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presence  of  disparate  IP  addresses  on  either 
side  of  a  device  or  specific  Maximum  Trans¬ 
mission  Unit  (MTU)  values  to  help  deter¬ 
mine  the  nature  of  a  device  or  link. 

We  set  up  a  variety  of  scan  configurations, 
giving  each  a  unique  name.  For  each  scan, 
we  specified  scan  types,  IP  address  blocks 
to  scan  (or  avoid),  SNMP  community  strings, 
sensors  to  use,  packet  rates  and  DNS  servers 
(from  which  to  obtain  node  names). 

Another  oddity:  we  could  specify  time 
periods  in  which  IPsonar  should  perform  a 
scan.  However,  IPsonar  didn’t  let  us  choose 
a  date/time  frequency  for  actually  running 
scans  on  a  regular  basis.  We  had  to  manu¬ 
ally  click  a  “Start  Scan”  button  each  time  we 
wanted  IPsonar  to  scan  our  network. 

Screwy  GUI 

IPsonar  has  a  Web  browser  interface.  The 
upper  left  portion  of  IPsonar’s  “home  page” 
—prime  user  interface  real  estate  —  displays, 
of  all  things,  disk  space  usage  on  the  IPsonar 
server,  with  a  large  “Update  Now”  button  for 
bored  people  who  want  to  see  how  often  the 
numbers  change. 

We  could  also  perform  a  “tactical  scan"  as 
well  as  see  the  updated-every-30-seconds 
progress  indicators  for  currently  running 
scans  and  reports.  A  tactical  scan  is  a  net¬ 
work  scan,  leak  scan,  service  scan  or  ping  of 
a  specific  IP  address  that  you  do  after  fixing 
something  on  the  network. 

The  home  page  also  has  links  to  pages  for 
setting  up  scans,  performing  administrative 
tasks  and  viewing  reports. 

Choosing  the  reports  link  and  selecting 
a  report  for  viewing  transports  you  into 
another  world.  The  report  viewer  is  an 
interactive  Adobe  Flash  environment  that 
is,  unlike  IPsonar’s  other  Web  pages,  easy  to 
use,  well  designed  and  almost  intuitive. 

Each  report  display  is  highly  customiz¬ 
able  and  can  include  a  dashboard,  node 
map,  list  of  nodes,  chart  of  SNMP-aware 
routers,  leak  -detection  results  and  a  wealth 
of  other  information.  Click  on  a  node  in  the 
node  map  and  it  displays  several  categories 
of  information  about  that  node,  and  most 
report  displays  offer  both  PDF  and  format- 
for-printer  options. 

Unfortunately,  Lumeta  doesn’t  offer  the 
means  to  combine  reports  (for  example,  con¬ 
solidating  Americas,  Europe  and  Far  East 
into  one  global  view)  or  the  means  to  reveal 
trends  by  comparing  earlier  reports  with 
current  ones  via  statistical  analysis. 

Outside  the  interactive  reporting  envi¬ 
ronment,  IPsonar  can  be  quite  unfriendly. 
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A  study  in  contrasts  -  IPsonar's  reports  (right-hand  browser  window)  interactively  and  creatively 
use  Adobe  Flash,  but  its  main  window  (on  the  left)  is  poorly  designed  and  awkward. 


Initiating  a  scan  without  specifying  a  Leak 
Sensor  produced  the  cryptic  message,  “Inter¬ 
nal  Error:  Scan  type  leakDiscovery  did  not 
execute.”  Clicking  on  a  button  to  get  more 
information  about  a  scan  (or  other  activity) 
displayed  log  file  entries  that  were  mostly 
meaningful  only  to  a  programmer. 

When  we  asked  IPsonar  to  show  its  net¬ 
work  map  after  a  scan  of  just  the  local  net¬ 
work,  it  produced  a  never-ending  “Retrieving 
Map”  display.  (Bug  cause:  IPsonar  assumes 
all  scans  look  beyond  the  local  network). 
After  a  few  days  of  testing,  IPsonar’s  internal 
Apache  Web  server  began  displaying  “Inter¬ 
nal  Server  Error”  messages  when  we  clicked 
on  the  home  page  link.  (Bug  workaround:  We 
renamed  the  IPsonar  server  from  “NTL”  to 
“NTL2”  and  the  “Internal  Server  Error”  mes¬ 
sages  disappeared). 

While  its  online  help  facility  is  context- 
sensitive  and  oftentimes  helpful,  IPsonar’s 
Administrator  Guide  is  a  PDF  file  whose  con¬ 
tents  are,  unfortunately,  rather  obscure. 

Conclusion 

IPsonar  is  a  study  in  contrasts.  While  it 


certainly  can  ease  the  work  of  documenting  a 
network,  IPsonar’s  user  interface  issues  and 
lack  of  “smart  heuristics”  detract  from  its 
highly  creative  reporting  environment.  ■ 


Nance  runs  Network  Testing  Labs  and  is  the 
author  of  Introduction  to  Networking,  4th 
Edition  and  Client/Server  LAN  Programming. 
He  can  be  reached  at  barryn@erols.com. 
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Microsoft  routes  around  its  own  COICA  damage 


WELL,  WHO  would  have  guessed?  A  big 
“thank  you”  to  Microsoft  is  in  order.  Just  one 
week  after  I  chose  Microsoft  as  the  recipient 
of  this  year’s  Gibbs  Golden  Turkey  Award  for  being  all  heavy-handed 
and  &A%$ish  about  hackers  creating  open-source  drivers  for  Micro¬ 
soft’s  Kinect  controller,  the  company  goes  and  reverses  its  position. 

After  the  hack,  Microsoft  said  it  was  going  to  “work  closely  with  law 
enforcement  and  product-safety  groups  to  keep  Kinect  tamper-resis¬ 
tant,”  which  sounded  pretty  threatening.  But  when  CNN  interviewed 
two  Microsofties  after  the  incident  and  asked,  “So  no  one  is  going  to  get 
in  trouble?”  The  reply  was,  “Nope.  Absolutely  not.” 

Asking  whether  anyone  would  get  in  trouble  reveals  that  CNN  had 
the  rather  strange  idea  that  somebody  could  have  gotten  into  trouble. 
What’s  more  ridiculous  is  that  the  Microsoft  people  didn’t  say  that 
the  idea  of  somebody  getting  into  trouble  over  writing  drivers  for  the 
Kinect  was  nonsensical  (which  it  is);  they  simply  said  trouble  wasn’t 
going  to  happen,  which  sounds  pretty  arrogant. 

What  Microsoft  is  doing  in  this  case  is  very  Internet-like:  The  com¬ 
pany  is  routing  around  the  damage  —  of  course  it’s  their  own  damage, 
but  the  principle  still  applies. 

The  idea  of  routing  around  damage  comes  from  a  quote  from  John 
Gilmore,  a  famous  computer  scientist  and  a  founder  of  the  Electronic 
Frontier  Foundation.  Gilmore  said,  “The  ’Net  interprets  censorship 
as  damage  and  routes  around  it.”  The  same  can  be  said  for  any  kind 
of  damage  to  the  online  world:  The  ’Net  is  a  living  thing,  which  means 
it  is  adept  at  self-preservation  and  recovery  from  injury.  This  is  some¬ 
thing  that  politicians  and  anyone  who  would  attempt  to  remove  First 


Amendment  rights  would  do  well  to  remember. 

Here’s  a  case  in  point:  The  passing,  in  unseemly  and  ill-considered 
haste,  of  the  Combating  Online  Infringement  and  Counterfeits  Act 
(COICA)  that  allows  the  effective  shutting  down  of  Web  sites  alleged  to 
be  involved  in  music  and  or  video  piracy.  As  I  have  discussed  in  other 
columns,  the  way  the  Justice  Department  plans  to  do  this  is  by  requir¬ 
ing  ISPs  to  stop  resolving  domain  names  to  IP  addresses. 

The  most  disturbing  thing  about  COICA  is  that  it  essentially  short- 
circuits  due  process,  becoming  a  powerful  vehicle  for  censorship.  And 
what  did  Gilmore  specifically  reference?  Yep,  censorship. 

We’ve  seen  efforts  in  China  and  other  parts  of  Asia,  where  restrictive 
and  despotic  regimes  have  tried  to  rein  in  the  influence  of  the  ’Net  It 
hasn’t  worked;  the  ’Net  just  recovers  and  carries  on. 

The  passing  of  COICA  has  many  people  worried  about  what  it  might 
mean  in  practice,  and  they’re  already  talking  about  solutions  for  mini¬ 
mizing  the  bill’s  consequences.  One  of  the  coolest  responses  comes 
from  Peter  Sunde,  a  co-founder  of  the  infamous  Pirate  Bay.  Sunde  has 
started  a  project  to  create  a  decentralized  DNS  system  based  on  peer- 
to-peer  technology.  Potentially,  everyone  could  own  the  DNS  system. 

But  what  is  so  interesting  is  that  the  environmental  pressure  of  idi¬ 
otic  bills  like  COICA  and  other  misguided  efforts  will,  in  the  long  run, 
make  the  Internet  stronger  and  more  robust. 

We  should  give  thanks  that  Microsoft  has  seen  sense  and  that  we’re 
being  forced  to  improve  the  ’Net.  % 

Gibbs  is,  once  again,  thankful  in  Ventura,  Calif.  Send  your  alternative 
choice  for  the  Gibbs  Golden  Turkey  to  backspin@gibbs.com. 
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The  single  greatest  career  move  in  history 


CHANCES  ARE  no  one  has  heard  Eric 
Schmidt  muttering  under  his  breath,  “Dang, 
I  could  have  worked  at  Attachmate.” 

The  thought  arose  as  I  compiled  a  Novell  corporate  timeline  to 
accompany  our  online  coverage  of  its  recent  acquisition  by  Attach¬ 
mate.  Schmidt  was  CEO  at  Novell  in  2001  when  he  was  offered  and 
took  the  top  spot  at  Google.  The  rest  is  history,  and  has  prompted  me 
to  wonder  over  the  years:  Has  anyone  in  any  field  ever  made  a  better 
career  move? 

I  say  no.  You  say,  Who  wouldn’t  rather  run  Google  than  Novell? 

You’re  thinking  2010  Google,  the  one  whose  stock  price  is  sniffing 
$600,  good  for  a  market  cap  of  some  $186  billion.  In  2001,  the  wisdom 
of  Schmidt’s  decision  was  not  so  readily  apparent,  even  though  Novell 
had  seen  its  best  days,  and,  while  a  mere  three  years  removed  from  the 
Stanford  dorm  room  of  its  founders,  Google  was  already  being  used  as 
a  verb  by  the  more  tech  savvy. 

I  distinctly  remember  thinking,  “Google?  Schmidt?  Really?” 

My  bad.  But  I  was  thinking  of  2001  Google,  as  were  a  whole  lot  of 
other  journalists. 

The  Wall  Street  Journal  noted  that  although  Google  was  attracting  50 
million  unique  visitors  a  month,  Yahoo  was  garnering  four  times  that 
and  wasn’t  exactly  making  a  mint. 

“Google’s  basic  business  model  remains  questionable.  Because 
Google  doesn’t  offer  banner  ads  or  other  general  advertising  displays 
on  its  Web  site,  it  must  rely  on  discreet  ads  that  are  supplied  only  when 
users  seai'ch  for  specific  key  words.  These  so-called  sponsor  links  are 
text-only  and  are  highlighted  in  different  colors  to  distinguish  them 


from  search  results.” 

How  could  anyone  build  a  business  around  those  itty-bitty  ads? 

In  fact,  one  of  Schmidt’s  first  moves  as  Google  CEO  was  to  assure  one 
and  all  that  the  company  was  in  the  black.  “We  are  quite  profitable,”  he 
said.  “We  are  not  talking  about  1%.” 

In  the  San  Francisco  Gate,  Schmidt  basically  gushed  about  the  finan¬ 
cial  situation  he  inherited:  “People  say,  ‘Google,  interesting  technology, 
wonderful  brand,  but  how  do  you  make  money?’  The  founders,  in  their 
inimitable  way,  have  managed  to  build  a  company  that  was  profitable 
in  the  March  quarter  in  a  cash  flow  basis,  and  in  June,  we  were  profit¬ 
able  on  a  [generally  accepted  accounting  principles]  basis.  It’s  amazing, 
but  even  in  the  summer,  which  is  traditionally  slow  from  an  advertis¬ 
ing  perspective,  it  looks  like  we  will  continue  this  fine  performance.” 

Think  they  worry  about  summer  doldrums  now? 

Keep  in  mind  that  this  was  18  months  after  the  pop  of  the  dot-com 
bubble  and  there  were  those  who  viewed  Google  as  just  another  eye¬ 
ball-aggregating,  revenue-light  suspect. 

When  it  was  suggested  to  a  Forbes  writer  that  “search  is  the  second 
most  popular  activity  on  the  Web  —  it  would  be  absurd  to  think  busi¬ 
nesses  can’t  make  a  profit  off  it,”  the  writer  replied:  “We’ll  believe  it 
when  we  see  it.” 

Bet  he  believes  it  now.  Bet  Schmidt  believed  it  as  he  cleaned  out  his 
desk  at  Novell.  But  I  also  bet  he  didn’t  see  himself  being  worth  $5  bil¬ 
lion.  And  I  guarantee  he  never  thought  he’d  just  made  the  single  great¬ 
est  career  decision  in  the  history  of  gainful  employment.  ■ 

Have  another  candidate?  The  address  is  buzz@nww.com. 
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altogetherbetter 


verizon  Scale  up,  scale  down — no  biggie. 

Cloud  management  should  be  quick  and  easy.  With  Computing  as  a  Service  (CaaS)  SMB,  it  is.  Our 
intuitive  dashboard  enables  you  to  provision  servers  and  scale  computing  up  or  down  in  minutes. 
CaaS  SMB  lets  you  pay  only  for  the  capacity  your  business  needs,  when  it  needs  it,  so  you  can  avoid 
the  expense  of  expanding  and  maintaining  on-site  servers.  Only  Verizon's  service  features  physically 
redundant  architecture  for  up  to  1 00  percent  availability,  fully  integrated  firewalls,  and  enterprise- 
grade  virtualization,  so  your  data  and  applications  stay  secure.  And  unlike  other  cloud  solutions, 
there's  no  minimum  commitment  to  use  it. 

To  get  started  with  CaaS  SMB,  visit  verizonbusiness.com/caassmb  today. 


O  2010  Verizon.  All  Rights  Reserved. 
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faster  server  ROI. 


With  budgets  flat  and  workloads  exploding,  it's  time  to  unleash  the  innovation  and  cost  savings  locked  up 
within  your  aging  server  infrastructure  with  next  generation  HP  ProLiant  servers  powered  by  8-  and  12-core 
AMD  Opteron™  6100  Series  processors.  Upgrade  now  and  experience: 

•  23:1  server  consolidation  ratio1 

•  96%  or  more  savings  on  energy  and  cooling1 

•  $48,380  in  total  savings  for  every  100  users2 

Transform  your  server  environment  while  building  the  foundation  for  the  HP  Converged  Infrastructure. 

All  for  an  investment  that  pays  for  itself  in  as  little  as  2  months.1  Unleash  faster  server  ROI  now. 

Outcomes  that  matter. 


See  the  proof.  Access  our  ROI  calculator  and  register  to  download  your  podcasts  at 

hp.com/servers/unleash9 


HP  ProLiant  DL385  G7  Server 

•  AMD  Opteron™  Processor  Model  6134 

•  4  GB  memory,  up  to  256  GB  max 

•  Up  to  eight  (8)  small  form  factor  high-performance  SAS  hard  drives 
with  standard  cage.  Or  up  to  16  SFF  or  6  LFF  hard  drives  with 
optional  drive  cages. 

•  Integrated  Lights-Out  3  (iLO  3)  providing  industry-leading 
management  and  8X  faster  remote  console  performance 

$2,599  (Save  $498) 

Lease  for  just  $69/mo.* 

Smart  (PN:  605869-005) 


HP  ProLiant  BL465c  G7  Server 

•  AMD  Opteron™  Processor  Model  61  28HE 

•  8  GB  memory,  up  to  256  GB  max 

•  Up  to  two  (2)  hot  plug  small  form  factor  SAS,  SATA, 
or  SSD  drives 

•  Integrated  Lights-Out  3  (iLO  3)  providing  industry-leading 
management  and  8X  faster  remote  console  performance 

•  Two  Integrated  HP  Virtual  Connect  FlexFabric  Converged 
Network  Adapters 


Starting  at  $3,079 

Lease  as  low  as  $88/mo.* 
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’  2For  details  on  claim  substantiations,  visit  hp.com/servers/unleash9 
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